nDPId: Added error event threshold to prevent event spamming which may be abused.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Toni Uhlig
2022-10-16 23:02:52 +02:00
parent 6292102f93
commit 49352698a0
71 changed files with 1369 additions and 29332 deletions


@@ -22,6 +22,8 @@
#define nDPId_MAX_FLOWS_PER_THREAD 4096u
#define nDPId_MAX_IDLE_FLOWS_PER_THREAD (nDPId_MAX_FLOWS_PER_THREAD / 32u)
#define nDPId_MAX_READER_THREADS 32u
#define nDPId_ERROR_EVENT_THRESHOLD_N 16u
#define nDPId_ERROR_EVENT_THRESHOLD_TIME TIME_S_TO_US(10u) /* 10 sec */
#define nDPId_DAEMON_STATUS_INTERVAL TIME_S_TO_US(600u) /* 600 sec */
#define nDPId_MEMORY_PROFILING_LOG_INTERVAL TIME_S_TO_US(5u) /* 5 sec */
#define nDPId_COMPRESSION_SCAN_INTERVAL TIME_S_TO_US(20u) /* 20 sec */


@@ -294,9 +294,9 @@ def onJsonLineRecvd(json_dict, instance, current_flow, global_user_data):
stats.printStatus()
return True
if 'error_event_id' in json_dict:
print('{}{}{} {}: {}'.format(timestamp, basic_daemon_event_prefix, instance_and_source,
print('{}{}{} {}: {} [{}/{}]'.format(timestamp, basic_daemon_event_prefix, instance_and_source,
prettifyEvent([TermColor.FAIL, TermColor.BLINK], 15, 'ERROR-EVENT'),
json_dict['error_event_name']))
json_dict['error_event_name'], json_dict['threshold_n'], json_dict['threshold_n_max']))
stats.printStatus()
return True
elif 'flow_event_id' not in json_dict:
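Review bot: The new format call indexes `json_dict['threshold_n']` and `json_dict['threshold_n_max']` directly, so an error event that lacks these keys (for example from a daemon built before this commit) raises KeyError inside onJsonLineRecvd instead of being printed. Reading them with `json_dict.get('threshold_n', '?')` and `json_dict.get('threshold_n_max', '?')` keeps the client usable against mixed daemon versions. The function body continues outside the hunk, so whether a caller catches the exception cannot be confirmed from here.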

174
nDPId.c

@@ -251,10 +251,7 @@ struct nDPId_workflow
MT_VALUE(error_or_eof, uint8_t);
uint8_t is_pcap_file;
uint8_t max_flow_to_track_reached : 1;
uint8_t flow_allocation_already_failed : 1;
uint8_t reserved_00;
uint16_t error_count;
unsigned long long int packets_captured;
unsigned long long int packets_processed;
@@ -282,6 +279,7 @@ struct nDPId_workflow
uint64_t last_status_time;
uint64_t last_global_time;
uint64_t last_thread_time;
uint64_t last_error_time;
void ** ndpi_flows_active;
unsigned long long int max_active_flows;
@@ -484,6 +482,8 @@ static struct
unsigned long long int max_packets_per_flow_to_send;
unsigned long long int max_packets_per_flow_to_process;
unsigned long long int max_packets_per_flow_to_analyse;
unsigned long long int error_event_threshold_n;
unsigned long long int error_event_threshold_time;
} nDPId_options = {.pidfile = nDPId_PIDFILE,
.user = "nobody",
.collector_address = COLLECTOR_UNIX_SOCKET,
@@ -506,7 +506,9 @@ static struct
.tcp_max_post_end_flow_time = nDPId_TCP_POST_END_FLOW_TIME,
.max_packets_per_flow_to_send = nDPId_PACKETS_PER_FLOW_TO_SEND,
.max_packets_per_flow_to_process = nDPId_PACKETS_PER_FLOW_TO_PROCESS,
.max_packets_per_flow_to_analyse = nDPId_PACKETS_PER_FLOW_TO_ANALYZE};
.max_packets_per_flow_to_analyse = nDPId_PACKETS_PER_FLOW_TO_ANALYZE,
.error_event_threshold_n = nDPId_ERROR_EVENT_THRESHOLD_N,
.error_event_threshold_time = nDPId_ERROR_EVENT_THRESHOLD_TIME};
enum nDPId_subopts
{
@@ -530,6 +532,8 @@ enum nDPId_subopts
MAX_PACKETS_PER_FLOW_TO_SEND,
MAX_PACKETS_PER_FLOW_TO_PROCESS,
MAX_PACKETS_PER_FLOW_TO_ANALYZE,
ERROR_EVENT_THRESHOLD_N,
ERROR_EVENT_THRESHOLD_TIME,
};
static char * const subopt_token[] = {[MAX_FLOWS_PER_THREAD] = "max-flows-per-thread",
[MAX_IDLE_FLOWS_PER_THREAD] = "max-idle-flows-per-thread",
@@ -551,6 +555,8 @@ static char * const subopt_token[] = {[MAX_FLOWS_PER_THREAD] = "max-flows-per-th
[MAX_PACKETS_PER_FLOW_TO_SEND] = "max-packets-per-flow-to-send",
[MAX_PACKETS_PER_FLOW_TO_PROCESS] = "max-packets-per-flow-to-process",
[MAX_PACKETS_PER_FLOW_TO_ANALYZE] = "max-packets-per-flow-to-analyse",
[ERROR_EVENT_THRESHOLD_N] = "error-event-threshold-n",
[ERROR_EVENT_THRESHOLD_TIME] = "error-event-threshold-time",
NULL};
static void sighandler(int signum);
@@ -1657,6 +1663,23 @@ static int is_flow_update_required(struct nDPId_workflow const * const workflow,
return flow_ext->last_flow_update + itime <= workflow->last_thread_time;
}
static int is_error_event_threshold(struct nDPId_workflow * const workflow)
{
if (workflow->last_global_time - workflow->last_error_time > nDPId_options.error_event_threshold_time)
{
workflow->error_count = 0;
}
workflow->last_error_time = workflow->last_global_time;
if (workflow->error_count >= nDPId_options.error_event_threshold_n)
{
return 1;
}
workflow->error_count++;
return 0;
}
static void ndpi_idle_scan_walker(void const * const A, ndpi_VISIT which, int depth, void * const user_data)
{
struct nDPId_workflow * const workflow = (struct nDPId_workflow *)user_data;
@@ -2902,6 +2925,16 @@ __attribute__((format(printf, 3, 4))) static void jsonize_error_eventf(struct nD
ndpi_serialize_string_int32(&reader_thread->workflow->ndpi_serializer,
"datalink",
pcap_datalink(reader_thread->workflow->pcap_handle));
ndpi_serialize_string_uint32(&reader_thread->workflow->ndpi_serializer, "threshold_n", workflow->error_count);
ndpi_serialize_string_uint32(&reader_thread->workflow->ndpi_serializer,
"threshold_n_max",
nDPId_options.error_event_threshold_n);
ndpi_serialize_string_uint64(&reader_thread->workflow->ndpi_serializer,
"threshold_time",
nDPId_options.error_event_threshold_time);
ndpi_serialize_string_uint64(&reader_thread->workflow->ndpi_serializer,
"threshold_ts_usec",
workflow->last_error_time);
switch (event)
{
@@ -3039,6 +3072,8 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
*layer3_type = ETH_P_IPV6;
}
else
{
if (is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
UNKNOWN_DATALINK_LAYER,
@@ -3046,6 +3081,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
"layer_type",
ntohl(*((uint32_t *)&packet[eth_offset])));
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
return 1;
}
*ip_offset = sizeof(dlt_hdr) + eth_offset;
@@ -3054,6 +3090,8 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
case DLT_PPP_SERIAL:
{
if (header->caplen < sizeof(struct ndpi_chdlc))
{
if (is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
PACKET_TOO_SHORT,
@@ -3063,6 +3101,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
"expected",
sizeof(struct ndpi_chdlc));
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
return 1;
}
@@ -3074,6 +3113,8 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
case DLT_C_HDLC:
case DLT_PPP:
if (header->caplen < sizeof(struct ndpi_chdlc))
{
if (is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
PACKET_TOO_SHORT,
@@ -3083,6 +3124,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
"expected",
sizeof(struct ndpi_chdlc));
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
return 1;
}
@@ -3100,10 +3142,13 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
break;
case DLT_LINUX_SLL:
if (header->caplen < 16)
{
if (is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(
reader_thread, PACKET_TOO_SHORT, "%s%u %s%u", "size", header->caplen, "expected", 16);
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
return 1;
}
@@ -3113,6 +3158,8 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
case DLT_IEEE802_11_RADIO:
{
if (header->caplen < sizeof(struct ndpi_radiotap_header))
{
if (is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
PACKET_TOO_SHORT,
@@ -3122,6 +3169,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
"expected",
sizeof(struct ndpi_radiotap_header));
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
return 1;
}
@@ -3131,13 +3179,18 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
/* Check Bad FCS presence */
if ((radiotap->flags & BAD_FCS) == BAD_FCS)
{
if (is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread, PACKET_HEADER_INVALID, "%s%s", "reason", "Bad FCS presence");
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
return 1;
}
if (header->caplen < (eth_offset + radio_len + sizeof(struct ndpi_wifi_header)))
{
if (is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
PACKET_TOO_SHORT,
@@ -3147,6 +3200,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
"expected",
(eth_offset + radio_len + sizeof(struct ndpi_wifi_header)));
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
return 1;
}
@@ -3207,6 +3261,8 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
break;
case DLT_EN10MB:
if (header->caplen < sizeof(struct ndpi_ethhdr))
{
if (is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
PACKET_TOO_SHORT,
@@ -3216,6 +3272,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
"expected",
sizeof(struct ndpi_ethhdr));
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
return 1;
}
@@ -3227,6 +3284,8 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
if (*layer3_type == ETHERTYPE_DCE)
{
if (header->caplen < sizeof(struct ndpi_ethhdr) + 20 /* sizeof(Ethernet/DCE-header) */)
{
if (is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
PACKET_TOO_SHORT,
@@ -3237,6 +3296,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
sizeof(struct ndpi_ethhdr) + 2);
jsonize_packet_event(
reader_thread, header, packet, *layer3_type, *ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
return 1;
}
ethernet = (struct ndpi_ethhdr *)&packet[eth_offset + 20];
@@ -3248,6 +3308,8 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
if (*layer3_type == ETHERTYPE_VLAN)
{
if (header->caplen < sizeof(struct ndpi_ethhdr) + 4 /* sizeof(802.1Q-header) */)
{
if (is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
PACKET_TOO_SHORT,
@@ -3258,6 +3320,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
sizeof(struct ndpi_ethhdr) + 4);
jsonize_packet_event(
reader_thread, header, packet, *layer3_type, *ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
return 1;
}
*layer3_type = ntohs(*(uint16_t *)&packet[*ip_offset + 2]);
@@ -3268,6 +3331,8 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
{
case ETH_P_IP: /* IPv4 */
if (header->caplen < sizeof(struct ndpi_ethhdr) + sizeof(struct ndpi_iphdr))
{
if (is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
IP4_PACKET_TOO_SHORT,
@@ -3276,13 +3341,23 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
header->caplen,
"expected",
sizeof(struct ndpi_ethhdr) + sizeof(struct ndpi_iphdr));
jsonize_packet_event(
reader_thread, header, packet, *layer3_type, *ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_packet_event(reader_thread,
header,
packet,
*layer3_type,
*ip_offset,
0,
0,
NULL,
PACKET_EVENT_PAYLOAD);
}
return 1;
}
break;
case ETH_P_IPV6: /* IPV6 */
if (header->caplen < sizeof(struct ndpi_ethhdr) + sizeof(struct ndpi_ipv6hdr))
{
if (is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
IP6_PACKET_TOO_SHORT,
@@ -3291,8 +3366,16 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
header->caplen,
"expected",
sizeof(struct ndpi_ethhdr) + sizeof(struct ndpi_ipv6hdr));
jsonize_packet_event(
reader_thread, header, packet, *layer3_type, *ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_packet_event(reader_thread,
header,
packet,
*layer3_type,
*ip_offset,
0,
0,
NULL,
PACKET_EVENT_PAYLOAD);
}
return 1;
}
break;
@@ -3301,9 +3384,12 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
case ETH_P_ARP: /* ARP */
return 1;
default:
if (is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread, PACKET_TYPE_UNKNOWN, "%s%u", "layer_type", *layer3_type);
jsonize_packet_event(
reader_thread, header, packet, *layer3_type, *ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
return 1;
}
break;
@@ -3321,9 +3407,15 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
case DLT_DSA_TAG_EDSA:
return 1;
default:
jsonize_error_eventf(
reader_thread, UNKNOWN_DATALINK_LAYER, "%s%u", "layer_type", ntohl(*((uint32_t *)&packet[eth_offset])));
if (is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
UNKNOWN_DATALINK_LAYER,
"%s%u",
"layer_type",
ntohl(*((uint32_t *)&packet[eth_offset])));
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
return 1;
}
@@ -3479,7 +3571,7 @@ static void ndpi_process_packet(uint8_t * const args,
}
else
{
if (distribute_single_packet(reader_thread) != 0)
if (distribute_single_packet(reader_thread) != 0 && is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread, UNKNOWN_L3_PROTOCOL, "%s%u", "protocol", type);
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
@@ -3492,7 +3584,7 @@ static void ndpi_process_packet(uint8_t * const args,
{
if (header->caplen < header->len)
{
if (distribute_single_packet(reader_thread) != 0)
if (distribute_single_packet(reader_thread) != 0 && is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
CAPTURE_SIZE_SMALLER_THAN_PACKET_SIZE,
@@ -3511,7 +3603,7 @@ static void ndpi_process_packet(uint8_t * const args,
{
if (ip_size < sizeof(*ip))
{
if (distribute_single_packet(reader_thread) != 0)
if (distribute_single_packet(reader_thread) != 0 && is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
IP4_SIZE_SMALLER_THAN_HEADER,
@@ -3530,7 +3622,7 @@ static void ndpi_process_packet(uint8_t * const args,
if (ndpi_detection_get_l4(
(uint8_t *)ip, ip_size, &l4_ptr, &l4_len, &flow_basic.l4_protocol, NDPI_DETECTION_ONLY_IPV4) != 0)
{
if (distribute_single_packet(reader_thread) != 0)
if (distribute_single_packet(reader_thread) != 0 && is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(
reader_thread, IP4_L4_PAYLOAD_DETECTION_FAILED, "%s%zu", "l4_data_len", ip_size - sizeof(*ip));
@@ -3548,7 +3640,7 @@ static void ndpi_process_packet(uint8_t * const args,
{
if (ip_size < sizeof(ip6->ip6_hdr))
{
if (distribute_single_packet(reader_thread) != 0)
if (distribute_single_packet(reader_thread) != 0 && is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
IP6_SIZE_SMALLER_THAN_HEADER,
@@ -3566,7 +3658,7 @@ static void ndpi_process_packet(uint8_t * const args,
if (ndpi_detection_get_l4(
(uint8_t *)ip6, ip_size, &l4_ptr, &l4_len, &flow_basic.l4_protocol, NDPI_DETECTION_ONLY_IPV6) != 0)
{
if (distribute_single_packet(reader_thread) != 0)
if (distribute_single_packet(reader_thread) != 0 && is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(
reader_thread, IP6_L4_PAYLOAD_DETECTION_FAILED, "%s%zu", "l4_data_len", ip_size - sizeof(*ip));
@@ -3596,7 +3688,7 @@ static void ndpi_process_packet(uint8_t * const args,
}
else
{
if (distribute_single_packet(reader_thread) != 0)
if (distribute_single_packet(reader_thread) != 0 && is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread, UNKNOWN_L3_PROTOCOL, "%s%u", "protocol", type);
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
@@ -3609,7 +3701,7 @@ static void ndpi_process_packet(uint8_t * const args,
{
if (header->caplen < (l4_ptr - packet) + sizeof(struct ndpi_tcphdr))
{
if (distribute_single_packet(reader_thread) != 0)
if (distribute_single_packet(reader_thread) != 0 && is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
TCP_PACKET_TOO_SHORT,
@@ -3643,7 +3735,7 @@ static void ndpi_process_packet(uint8_t * const args,
if (header->caplen < (l4_ptr - packet) + sizeof(struct ndpi_udphdr))
{
if (distribute_single_packet(reader_thread) != 0)
if (distribute_single_packet(reader_thread) != 0 && is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
UDP_PACKET_TOO_SHORT,
@@ -3775,7 +3867,8 @@ static void ndpi_process_packet(uint8_t * const args,
{
if (is_ip_in_subnet(&flow_basic.src, netmask, subnet, flow_basic.l3_type) == 0)
{
if (add_new_flow(workflow, &flow_basic, FS_SKIPPED, hashed_index) == NULL)
if (add_new_flow(workflow, &flow_basic, FS_SKIPPED, hashed_index) == NULL &&
is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
FLOW_MEMORY_ALLOCATION_FAILED,
@@ -3799,7 +3892,8 @@ static void ndpi_process_packet(uint8_t * const args,
{
if (is_ip_in_subnet(&flow_basic.src, netmask, subnet, flow_basic.l3_type) != 0)
{
if (add_new_flow(workflow, &flow_basic, FS_SKIPPED, hashed_index) == NULL)
if (add_new_flow(workflow, &flow_basic, FS_SKIPPED, hashed_index) == NULL &&
is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(reader_thread,
FLOW_MEMORY_ALLOCATION_FAILED,
@@ -3822,10 +3916,8 @@ static void ndpi_process_packet(uint8_t * const args,
if (workflow->cur_active_flows == workflow->max_active_flows)
{
if (workflow->max_flow_to_track_reached == 0)
if (is_error_event_threshold(reader_thread->workflow) == 0)
{
workflow->max_flow_to_track_reached = 1;
jsonize_error_eventf(reader_thread,
MAX_FLOW_TO_TRACK,
"%s%llu %s%llu %s%llu %s%llu",
@@ -3849,15 +3941,12 @@ static void ndpi_process_packet(uint8_t * const args,
}
return;
}
workflow->max_flow_to_track_reached = 0;
flow_to_process = (struct nDPId_flow *)add_new_flow(workflow, &flow_basic, FS_INFO, hashed_index);
if (flow_to_process == NULL)
{
if (workflow->flow_allocation_already_failed == 0)
if (is_error_event_threshold(reader_thread->workflow) == 0)
{
workflow->flow_allocation_already_failed = 1;
jsonize_error_eventf(
reader_thread, FLOW_MEMORY_ALLOCATION_FAILED, "%s%zu", "size", sizeof(*flow_to_process));
jsonize_packet_event(reader_thread,
@@ -3872,17 +3961,26 @@ static void ndpi_process_packet(uint8_t * const args,
}
return;
}
workflow->flow_allocation_already_failed = 0;
workflow->total_active_flows++;
flow_to_process->flow_extended.flow_id = MT_GET_AND_ADD(global_flow_id, 1);
if (alloc_detection_data(flow_to_process) != 0)
{
if (is_error_event_threshold(reader_thread->workflow) == 0)
{
jsonize_error_eventf(
reader_thread, FLOW_MEMORY_ALLOCATION_FAILED, "%s%zu", "size", sizeof(*flow_to_process));
jsonize_packet_event(
reader_thread, header, packet, type, ip_offset, (l4_ptr - packet), l4_len, NULL, PACKET_EVENT_PAYLOAD);
jsonize_packet_event(reader_thread,
header,
packet,
type,
ip_offset,
(l4_ptr - packet),
l4_len,
NULL,
PACKET_EVENT_PAYLOAD);
}
return;
}
@@ -4703,6 +4801,12 @@ static void print_subopt_usage(void)
case MAX_PACKETS_PER_FLOW_TO_ANALYZE:
fprintf(stderr, "%llu\n", nDPId_options.max_packets_per_flow_to_analyse);
break;
case ERROR_EVENT_THRESHOLD_N:
fprintf(stderr, "%llu\n", nDPId_options.error_event_threshold_n);
break;
case ERROR_EVENT_THRESHOLD_TIME:
fprintf(stderr, "%llu\n", nDPId_options.error_event_threshold_time);
break;
}
}
else
@@ -4926,6 +5030,12 @@ static int nDPId_parse_options(int argc, char ** argv)
case MAX_PACKETS_PER_FLOW_TO_ANALYZE:
nDPId_options.max_packets_per_flow_to_analyse = value_llu;
break;
case ERROR_EVENT_THRESHOLD_N:
nDPId_options.error_event_threshold_n = value_llu;
break;
case ERROR_EVENT_THRESHOLD_TIME:
nDPId_options.error_event_threshold_time = value_llu;
break;
}
}
break;
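Review bot: In `is_error_event_threshold()`, `workflow->last_error_time` is refreshed on every call, including calls that suppress the event, so `error_count` only resets after a full `error_event_threshold_time` with no errors at all. While errors keep arriving more often than that, the workflow stays suppressed indefinitely and collectors receive no further error or packet events, with nothing in the stream indicating that events were dropped. A fixed window avoids this: move the assignment into the reset branch, `workflow->error_count = 0; workflow->last_error_time = workflow->last_global_time;`, and consider emitting one summary event with the suppressed count when the window rolls over. Separately, `error_count` is `uint16_t` while `error_event_threshold_n` is `unsigned long long` and is stored unchecked from `value_llu`, so a configured value above 65535 lets the counter wrap and the limit never triggers; the option parser should reject or clamp it.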


@@ -54,3 +54,5 @@ config nDPId
#option 'max_packets_per_flow_to_send' 15
#option 'max_packets_per_flow_to_process' 32
#option 'max_packets_per_flow_to_analyse' 32
#option 'error_event_threshold_n' 16
#option 'error_event_threshold_time' 10000000


@@ -91,6 +91,8 @@ start_ndpid_instance() {
args="$args$(print_arg_str "$cfg" 'max_packets_per_flow_to_send' '-omax-packets-per-flow-to-send=')"
args="$args$(print_arg_str "$cfg" 'max_packets_per_flow_to_process' '-omax-packets-per-flow-to-process=')"
args="$args$(print_arg_str "$cfg" 'max_packets_per_flow_to_analyse' '-omax-packets-per-flow-to-analyse=')"
args="$args$(print_arg_str "$cfg" 'error_event_threshold_n' '-oerror-event-threshold-n=')"
args="$args$(print_arg_str "$cfg" 'error_event_threshold_time' '-oerror-event-threshold-time=')"
procd_open_instance
procd_set_param command ${NDPID_BIN}
@@ -133,7 +135,9 @@ validate_ndpid_section() {
'tcp_max_post_end_flow_time:uinteger' \
'max_packets_per_flow_to_send:uinteger' \
'max_packets_per_flow_to_process:uinteger' \
'max_packets_per_flow_to_analyse:uinteger'
'max_packets_per_flow_to_analyse:uinteger' \
'error_event_threshold_n:uinteger' \
'error_event_threshold_time:uinteger'
}
start_ndpisrvd_instance() {


@@ -7,6 +7,10 @@
"error_event_id",
"error_event_name",
"datalink",
"threshold_n",
"threshold_n_max",
"threshold_time",
"threshold_ts_usec",
"global_ts_usec"
],
@@ -115,6 +119,25 @@
"maximum": 292
},
"threshold_n": {
"type": "number",
"minimum": 1
},
"threshold_n_max": {
"type": "number",
"minimum": 1,
"maximum": 65535
},
"threshold_time": {
"type": "number"
},
"threshold_ts_usec": {
"type": "number"
},
"layer_type": {
"type": "number",
"minimum": 0
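Review bot: The bounds on the four new properties do not match what the daemon can emit: `threshold_n_max` is capped at 65535, but nDPId.c serializes `nDPId_options.error_event_threshold_n` through a uint32 call without clamping the parsed option, so a larger configured value would produce events that fail this schema. `threshold_n` has a `minimum` but no `maximum`, and `threshold_time` and `threshold_ts_usec` have no bounds at all, whereas the neighbouring `layer_type` declares `"minimum": 0`. Either enforce the 65535 limit in the option parser or relax it here, and add `"minimum": 0` to the two time fields. Because all four keys were also added to the required list, events recorded by earlier daemon versions will presumably no longer validate.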


@@ -1,18 +1,18 @@
00490{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1537044271794779}
00190{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537044271794779}
00290{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537044271794779,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537044271794779}
00506{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJToWAAA\/wQRSEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGxLmgACAAAEc2wQAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":1537058551803081}
00190{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537058551803081}
00290{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537058551803081,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537058551803081}
00506{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRbZwAA\/wSeOUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzGjAACAAAAJvVqAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1537082929816392}
00190{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537082929816392}
00290{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537082929816392,"packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537082929816392}
00506{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRsDwAA\/wSNkUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzKXAACAAABmvAmAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1537138237839574}
00190{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537138237839574}
00290{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537138237839574,"packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537138237839574}
00506{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRnMwAA\/wSSbUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzXzgACAAAE5t9oAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1537165843864842}
00190{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537165843864842}
00290{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537165843864842,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537165843864842}
00506{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJTPEAAA\/wQqkEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGz7LQACAAABZb+KAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1537165843864842}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -27,6 +27,6 @@
~~ total memory freed........: 6034017 bytes
~~ total allocations/frees...: 121477/121477
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 195 chars
~~ json string min len.......: 295 chars
~~ json string max len.......: 561 chars
~~ json string avg len.......: 377 chars
~~ json string avg len.......: 427 chars


@@ -1,6 +1,6 @@
00490{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_redist.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1256636836167156}
00190{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":104,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","protocol":34887,"global_ts_usec":1256636836167156}
00290{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":104,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1256636836167156,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","protocol":34887,"global_ts_usec":1256636836167156}
00518{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":163,"pkt_type":34887,"pkt_l3_offset":4,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"thread_ts_usec":1256636836167156,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="}
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256636836167195,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1256636836167195,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3}
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"thread_ts_usec":1256636836167195,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"}
@@ -19,6 +19,6 @@
~~ total memory freed........: 6035806 bytes
~~ total allocations/frees...: 121489/121489
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 195 chars
~~ json string min len.......: 295 chars
~~ json string max len.......: 901 chars
~~ json string avg len.......: 533 chars
~~ json string avg len.......: 582 chars


@@ -3,36 +3,36 @@
00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505154584447407,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447407,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505154584447407,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447407,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584447407,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447547,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584447547,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"}
00200{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":1505154584447556}
00300{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584447556,"packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":1505154584447556}
00395{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":1505154584447547,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="}
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1505154584447616,"flow_dst_last_pkt_time":1505154584447547,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1505154584447616,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9JcsXbMJOgLrmAEABzfNQAAAEBCApOnGnoHlfv2A=="}
00849{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1505154584447407,"flow_src_last_pkt_time":1505154584447617,"flow_dst_last_pkt_time":1505154584447547,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505154584447617,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00200{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":1505154584447662}
00300{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584447662,"packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":1505154584447662}
00395{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":1505154584447617,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="}
00200{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1505154584447980}
00300{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584447980,"packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1505154584447980}
00383{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1505154584447809,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYEAAQAYOBKwdCZOsHQmSH0mXyJOgLrlyxds1gBAAcnzPAAABAQgKHlfv2U6caeg="}
00201{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":10,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":57,"global_ts_usec":1505154584448477}
00301{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584448477,"packet_id":10,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":57,"global_ts_usec":1505154584448477}
00394{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1505154584448303,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADnBYUAAQAYN\/qwdCZOsHQmSH0mXyJOgLrlyxds1gBgAcjJ\/AAABAQgKHlfv2U6caehBQgABCQ=="}
00202{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":11,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":878,"global_ts_usec":1505154584448584}
00302{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584448584,"packet_id":11,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":878,"global_ts_usec":1505154584448584}
01491{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":912,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"thread_ts_usec":1505154584448303,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\/wAXc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAAFAAAA6gBgAKa2VlcC1hbGl2ZQAADUNhY2hlLUNvbnRyb2wAAAltYXgtYWdlPTAAAAZPcmlnaW4AAB5odHRwOi8vc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAABlVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzAAABMQCgDgBpTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNjAuMC4zMTEyLjExMyBTYWZhcmkvNTM3LjM2AKAHACFhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAoAEAVXRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgAoA0AW2h0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5ici9DQ1AvcGFnZXMvcmVsYXRvcmlvcy9yZWxhdG9yaW9EZU9yZGVtRGVTZXJ2aWNvLnNlYW0\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"}
00201{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1505154584448825}
00301{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584448825,"packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1505154584448825}
00384{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1505154584448662,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="}
00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505154584618218,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505154584618218,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584618218,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9KcsXbLwAAAACgAjkI5gwAAAIEBbQEAggKTpxp5wAAAAABAwMH"}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584618218,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSpfIk6AuuHLF2zCgEjiQFesAAAIEBbQEAggKHlfv2E6caecBAwMH"}
00201{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":1505154584618218}
00301{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584618218,"packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":1505154584618218}
00396{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":1505154584618218,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1505154584618218,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9KcsXbMJOgLrmAEABzfNMAAAEBCApOnGnoHlfv2A=="}
00850{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1505154584618218,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505154584618218,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00201{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":1505154584618218}
00301{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584618218,"packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":1505154584618218}
00396{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":1505154584618218,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="}
00201{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1505154584618218}
00301{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584618218,"packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1505154584618218}
00384{"packet_event_id":1,"packet_event_name":"packet","packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1505154584618218,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYEAAQAYOBKwdCZOsHQmSH0mXyJOgLrlyxds1gBAAcnzPAAABAQgKHlfv2U6caeg="}
00201{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":29,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":57,"global_ts_usec":1505154584618218}
00302{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584618218,"packet_id":29,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":57,"global_ts_usec":1505154584618218}
00394{"packet_event_id":1,"packet_event_name":"packet","packet_id":29,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1505154584618218,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADnBYUAAQAYN\/qwdCZOsHQmSH0mXyJOgLrlyxds1gBgAcjJ\/AAABAQgKHlfv2U6caehBQgABCQ=="}
00202{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":878,"global_ts_usec":1505154584618218}
00303{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584618218,"packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":878,"global_ts_usec":1505154584618218}
01491{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":912,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"thread_ts_usec":1505154584618218,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\/wAXc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAAFAAAA6gBgAKa2VlcC1hbGl2ZQAADUNhY2hlLUNvbnRyb2wAAAltYXgtYWdlPTAAAAZPcmlnaW4AAB5odHRwOi8vc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAABlVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzAAABMQCgDgBpTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNjAuMC4zMTEyLjExMyBTYWZhcmkvNTM3LjM2AKAHACFhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAoAEAVXRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgAoA0AW2h0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5ici9DQ1AvcGFnZXMvcmVsYXRvcmlvcy9yZWxhdG9yaW9EZU9yZGVtRGVTZXJ2aWNvLnNlYW0\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"}
00201{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1505154584618218}
00302{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584618218,"packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1505154584618218}
00384{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1505154584618218,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="}
00898{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1505154584447407,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584617955,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":826,"flow_dst_max_l4_payload_len":230,"flow_src_tot_l4_payload_len":1056,"flow_dst_tot_l4_payload_len":241,"midstream":0,"thread_ts_usec":1505154584618218,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00898{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1505154584618218,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":826,"flow_dst_max_l4_payload_len":230,"flow_src_tot_l4_payload_len":1056,"flow_dst_tot_l4_payload_len":241,"midstream":0,"thread_ts_usec":1505154584618218,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
@@ -49,6 +49,6 @@
~~ total memory freed........: 6038291 bytes
~~ total allocations/frees...: 121525/121525
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 205 chars
~~ json string min len.......: 305 chars
~~ json string max len.......: 1496 chars
~~ json string avg len.......: 849 chars
~~ json string avg len.......: 899 chars


@@ -1,8 +1,8 @@
00491{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"alexa-app.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1490976022526783}
00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_usec":1490976022526783}
00287{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976022526783,"packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_usec":1490976022526783}
00309{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"thread_ts_usec":1490976022526783,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="}
00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_usec":1490976022526847}
00287{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976022526847,"packet_id":2,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_usec":1490976022526847}
00309{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"thread_ts_usec":1490976022526783,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="}
00722{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976022731312,"flow_src_last_pkt_time":1490976022731312,"flow_dst_last_pkt_time":1490976022731312,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976022731312,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1490976022731312,"flow_dst_last_pkt_time":1490976022731312,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":78,"pkt_l4_len":24,"thread_ts_usec":1490976022731312,"pkt":"MzP\/0\/vCePiC0\/vCht1gAAAAABg6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/0\/vChwCHAgAAAAD+gAAAAAAAAHr4gv\/+0\/vC"}
@@ -209,7 +209,7 @@
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976043611721,"flow_src_last_pkt_time":1490976043611721,"flow_dst_last_pkt_time":1490976043611721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976043611721,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1490976043611721,"flow_dst_last_pkt_time":1490976043611721,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1490976043611721,"pkt":"AMDKkaPvePiC0\/vCCABFAAA\/WlZAAEARM16sECrYrBAqAalWADUAK0G7veEBAAABAAAAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAE="}
01005{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976043611721,"flow_src_last_pkt_time":1490976043611721,"flow_dst_last_pkt_time":1490976043611721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976043611721,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00193{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":392,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_usec":1490976043617123}
00293{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976043617123,"packet_id":392,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_usec":1490976043617123}
00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":392,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1490976043612089,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"}
02263{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":394,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976041156517,"flow_src_last_pkt_time":1490976043655892,"flow_dst_last_pkt_time":1490976043654956,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1114,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4861,"flow_dst_tot_l4_payload_len":5515,"midstream":0,"thread_ts_usec":1490976043655892,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":70,"avg":161219.8,"max":1015894,"stddev":286084.3,"var":81844248576.0,"ent":3.4,"data": [55686,59305,1428,66601,358,70,64102,4784,271,2661,66908,3070,100753,8343,108356,5909,66864,500848,354092,941132,3002,88712,111843,176480,211,64686,9150,104205,1015894,966451,45639]},"pktlen": {"min":40,"avg":366.2,"max":1500,"stddev":485.1,"var":235358.5,"ent":3.9,"data": [60,48,40,247,1500,1500,385,40,40,40,366,46,99,40,1122,46,941,40,1106,1106,46,493,40,1154,46,877,40,40,46,40,46,40]},"bins": {"c_to_s": [12,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0],"entropies": 
[4.617588520,5.095174789,4.784183979,5.540180683,6.803335667,7.281946659,7.383058548,4.784183979,4.784183979,4.734184265,7.281152725,4.652828693,6.003940582,4.881687164,7.811503887,4.501398087,7.765291691,4.831687450,7.799355507,7.797914982,4.565871716,7.570134640,4.831686974,7.815543175,4.565872192,7.742568493,4.881687164,4.931687355,4.544876099,4.831687450,4.544876099,4.781687260]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1490976043611721,"flow_dst_last_pkt_time":1490976043811357,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1490976043811357,"pkt":"ePiC0\/vCAMDKkaPvCABFAABP0pFAAEARuxKsECoBrBAq2AA1qVYAO\/ZCveGBgAABAAEAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAHADAABAAEAAAAbAARIFc6H"}
@@ -316,7 +316,7 @@
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1490976047908219,"flow_dst_last_pkt_time":1490976047907178,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976047908219,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo4nNAAEAGatesECrYSBXOh6SgAbtFc7N0poZxSlAQAVcJ5AAA"}
01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047858519,"flow_src_last_pkt_time":1490976047908954,"flow_dst_last_pkt_time":1490976047907178,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":237,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047908954,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}}
01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":726,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976047858519,"flow_src_last_pkt_time":1490976047908954,"flow_dst_last_pkt_time":1490976047956403,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":237,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976047956403,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}}
00193{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_usec":1490976048620673}
00293{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976048620673,"packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_usec":1490976048620673}
00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1490976048429947,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"}
00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976054009715,"flow_src_last_pkt_time":1490976054009715,"flow_dst_last_pkt_time":1490976054009715,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976054009715,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1490976054009715,"flow_dst_last_pkt_time":1490976054009715,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976054009715,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8L1JAAEAGF52sECrYNF7ohrJ3AbtDNXw1AAAAAKAC\/\/+MNwAAAgQFtAQCCAoA9lNnAAAAAAEDAwg="}
@@ -577,7 +577,7 @@
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_src_last_pkt_time":1490976093486409,"flow_dst_last_pkt_time":1490976093481996,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976093486409,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8bNAAEAGXN+sECrYsCBlNKvhAbv82ZN2gXVAtlAQAVfCJwAA"}
01181{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1504,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976093358419,"flow_src_last_pkt_time":1490976093491797,"flow_dst_last_pkt_time":1490976093481996,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976093491797,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"dp-gw-na-js.amazon.com","tls": {"version":"TLSv1.2","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
01660{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976093358419,"flow_src_last_pkt_time":1490976093491797,"flow_dst_last_pkt_time":1490976093953778,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":3402,"midstream":0,"thread_ts_usec":1490976093953778,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"dp-gw-na-js.amazon.com","tls": {"version":"TLSv1.2","server_names":"dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com","fingerprint":"27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C"}}}
00194{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_usec":1490976094729619}
00294{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976094729619,"packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_usec":1490976094729619}
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1490976094725797,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"}
00913{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1529,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041150466,"flow_src_last_pkt_time":1490976041150466,"flow_dst_last_pkt_time":1490976041151487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1490976094742222,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00878{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1529,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976027958387,"flow_src_last_pkt_time":1490976030758514,"flow_dst_last_pkt_time":1490976027958387,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976094742222,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -1194,6 +1194,6 @@
~~ total memory freed........: 7112403 bytes
~~ total allocations/frees...: 127495/127495
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 192 chars
~~ json string min len.......: 292 chars
~~ json string max len.......: 2388 chars
~~ json string avg len.......: 1290 chars
~~ json string avg len.......: 1340 chars


@@ -1,207 +1,197 @@
00490{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"badpackets.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1495451029466717}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":237,"global_ts_usec":1495451029466717}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451029466717,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":237,"global_ts_usec":1495451029466717}
00642{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":271,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcP1QgAOcRe9CDTlH+zLpQ5QA1zGcGtUqtAWiFkwABAAAADAABC3BobDFzcHJ0MTA4AmFkA2RsYQNtaWwAAAEAAcAbAAYAAQAAAh0ALQhlYWdsZWliMcAYC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAh0AmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":271,"global_ts_usec":1495451030401327}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451030401327,"packet_id":2,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":271,"global_ts_usec":1495451030401327}
00686{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":305,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXc9nogAOcRxKmDTlH+zLpQ5QA1PsIG13F6XwyFkwABAAAADAABC3BobDFzcHJ0MTA4BGRhYXMDZGxhA21pbAAAAQABwBgABgABAAAAbgAwCGVhZ2xlaWIxAmFkwB0LcmFuZHkuc21pdGjAHQExm5UAAAC0AAAAEgAJOoAAAAOEwBgALgABAAAAbgCgAAYIAwAAALRZLyttWSHuXTGGBGRhYXMDZGxhA21pbABfZgMcUaz74\/opjmPI6fIN7S4Ga9GN4s2JVqvb0uXXvbdLi9ee5JaFRYVlFB0RVerGRt3pX5esuSlY9ySHVHjOBX09ZI1nwdlSMxmFBY9ZemmmfYIR43tvzwqFnbufNVeL7\/vc0q83XBfNipWbDRE5bz+qVR8="}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":161,"global_ts_usec":1495451039146849}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451039146849,"packet_id":3,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":161,"global_ts_usec":1495451039146849}
00543{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":195,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXc+0kgAD4R+SzH+X0BzLpQ5QA17UEGadbGg\/+EAAABAAcAAAABAmFjAmluAAAwAAHADAAwAAEAAAOEAIgBAAMHAwEAAaeWg1I7aL35m5DCbWdqIX1+dVtvwe4HaQJz7QrnwC+P8\/7Gi54fYbmoWgZ9BgFy+rRM5fLeLdyqgaAlGaU+qP7EB\/v\/pv\/GHQKcotJZ+biekG9TccSc6BYmV0hXKBRudE\/xZj\/qEl0HEAn3LKZa"}
00234{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","size":46,"expected":60,"global_ts_usec":1495451051753069}
00334{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451051753069,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","size":46,"expected":60,"global_ts_usec":1495451051753069}
00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcmCogADkR555F\/HiszLpQ5QA15twF1D2Yf1WEAA=="}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":12,"global_ts_usec":1495451051753069}
00307{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451051753069,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":12,"global_ts_usec":1495451051753069}
00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcmCogADkR555F\/HiszLpQ5QA15twF1D2Yf1WEAA=="}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":242,"global_ts_usec":1495451098935701}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451098935701,"packet_id":5,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":242,"global_ts_usec":1495451098935701}
00648{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":276,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXc\/u8gAOcRvDSDTlH+zLpQ5QA1ofQGuiMOhg6FkwABAAAADAABDG5jYjFzZHYwMDcyMQNkaXICYWQDZGxhA21pbAAAAQABwCAABgABAAAAmQAtCGVhZ2xlaWIxwB0LcmFuZHkuc21pdGjAIHeyKSsAACowAAAEOAAJOoAAAAOEwCAALgABAAAAmQCbAAYIAgAAA4RZL+jmWSKr1jYkA2RsYQNtaWwAQ+NjrNptV+b2\/CTqZKH2biSP27tkOWTGq2KCUhlOH9E41MLSOk2lCYL6smDX5fmm1zJuobp2dyrUo+9Imrd8bXDxUMgbvMl\/t\/ob2CKRj1UwIaYHEuWwq3LEc5Fr"}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_usec":1495451112063911}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451112063911,"packet_id":6,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_usec":1495451112063911}
00517{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1QgADURSISMrBHtzLpQ5QA1RHoMIdhWPYOEEAABAA0ABAANCGVkZ2UtaGRxA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgAf19hoQ062mEgmdReiMHoN\/8sTkGCL+YszFpFSC7g="}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":469,"global_ts_usec":1495451113347704}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451113347704,"packet_id":7,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":469,"global_ts_usec":1495451113347704}
00954{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":503,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":503,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAAgADIR1DehNyACzLpQ5QA1P3oNZUi5Fp+EEAABAA8ABAANA3d3dwRzd3BjBG5vYWEDZ292AAABAAHADAAFAAEAAVGAAA8IZWRnZS1ud3MDd29jwBXADAAuAAEAAVGAASEABQUEAAFRgFkri7dZIlE3vjIEc3dwYwRub2FhA2dvdgAj4QRDWjZKG5AY0wcqp07zy2N5LWrEg0t\/4W81\/I\/yU9kryWY5M6hQke0XIJhE4dUH120W7nAkWxQJVaZyLoMQin38ZiK2SNs\/MeioL4jAC1CzjiZ9JGBmrvUXfwx4WjCIZO3AWpZFqZpBYNrilA5xXqA6vClBMfN6kWmnwyqYMUdmG8SPzKDGLoKCurB88lxuBmDxFiEc7IRKwyXcJ47WkYAmncTdtBPbcng8wUk\/OSHputwVXEiz+4Hi1YSwyaZ\/bR92tO2XAf2y65TJB549EX80zlNliCWrbo6CKiF1dSuOYR0v1cuBHf05mH4wAy8XKl6vLSm5lJ0SyJmHuu8SwC8ABQABAAABLAAMB2VkZ2UtcDEBbMBhwC8ALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":329,"global_ts_usec":1495451113448546}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451113448546,"packet_id":8,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":329,"global_ts_usec":1495451113448546}
00763{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":363,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAEgADIR1DahNyACzLpQ5QA1FAoM2VerW6eEEAABAAYABAANA3d3dwNvcGMEbmNlcARub2FhA2dvdgAAAQABwAwABQABAAABLAAJBm9yaWdpbsAQwAwALgABAAABLAEhAAUFBQAAASxZK4tpWSJQ6VBkBG5jZXAEbm9hYQNnb3YAvM3K1OBR2VQQj4QVOGZxr6WG5B4+fABWkfGP1KGkGFsR4zOi7Eo7vmr2TJiaR66HfSMoitVNm4kwmQeusE1J+sPLARPh02h5Z1H+HsQ2b48KB6bVXbum1BeZX4yX1eoeScXJkBrFAe8F6pDF+Ml8UnuCbXzf+\/NtRUw9ZGk\/b8n+GLS5YEkLV6tINZ1NF7znVhYpo87DIH1d72melFmv8f65eH1mu6AzkUXSI502HCpox0\/KLdxxAP64c2LL03iQVYlgYQmiBnMT8YejrLi9PuDdsHa5wauH"}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":9,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1160,"global_ts_usec":1495451113710166}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451113710166,"packet_id":9,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1160,"global_ts_usec":1495451113710166}
01883{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1194,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAIgADIR1DWhNyACzLpQ5QA1\/wMKUGaWU+KEEAABAAIABAANA3d3dw9saWdodG5pbmdzYWZldHkEbm9hYQNnb3YAAAEAAcAMAAEAAQAAASwABIxaccjADAAuAAEAAAEsARwAAQUEAAABLFkri31ZIlD9PnMEbm9hYQNnb3YAFBTQGedUPGXlY8bN43JvkPLP\/vLkCv4PmFD+Yp\/wKTn0+3B8hqXsIbo6jgqCi3hM+7l3yndT6nZEOODHtVyiul17+C7883eqnN76iy6lo9R1eEKHDTvsvSdJsQx2dFH5NYDWOOjTdL3jybIGoJFlbIi+hHfzKdzFb0fO0kDYAdFs0mGEVvk\/ydoCnsE67n5RXLgALUI8enDF8d5JUZ3gz4Jmmium7SfonREBNj5MfQvR1R1JvVYPQQEWggJtIusb+MaDn2Gu7eaN7\/yF8WIh6HnwxWN7Z+YBGUTnTr0qXbOrrAMUycgB\/+tQ+zRqQIpZcUyO0tGVISl48WAUZAKbu8BcAAIAAQABUYAACAVucy1td8BcwFwAAgABAAFRgAAIBW5zLW53wFzAXAACAAEAAVGAAAcEbnMtZcBcwFwALgABAAFRgAEcAAIFAgABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AH\/\/EM5XxGUAJzS0k3FL5gqwtJA4FBuTo0uxBkbdgNOM7eIqyHshwuqLDq45ztJouzzqb5\/+QwdCyRboRA6YQcMyduo30hAwZBPjCwFtGtCbCO0zddpUh\/DZBFgSPh2dFJqb9c9JuhHoz3+E4Y9URJn+5DpaoXNsnl89Rx6siUb+Rihm7C+Vk315amYja69lUQmg3PNcdUVXF76DLNDZ9f0J\/NtTrjCtrMqxXjzjQDEOf1LyNKCNPvCsDV8BtRjU3VnXwwNw9fAKyA0zjlIJMDcZHgtkbmrTB9mFGy8tMxbqfFpB+6mG8tYtHiQWLDq6x9iFxvHJ7caHhZ1nCy6pTLXBmgABAAEAAVGAAASMWiHtwZoAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8FyAAEAAQABUYAABIysEe3BcgAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wYYAAQABAAFRgAAEoTcgAsGGABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBmgAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GaAC4AAQABUYAB"}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":10,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":366,"global_ts_usec":1495451113809047}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451113809047,"packet_id":10,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":366,"global_ts_usec":1495451113809047}
00817{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":400,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAQgADIR1DOhNyACzLpQ5QA1Z54M\/oF1LsqEEAABAAYABAANA3d3dw9hdmlhdGlvbndlYXRoZXIDZ292AAABAAHADAAFAAEAAAB4ABwPYXZpYXRpb253ZWF0aGVyBG5jZXAEbm9hYcAgwAwALgABAAAAeAEnAAUFAwAAAHhZK4siWSJQoibZD2F2aWF0aW9ud2VhdGhlcgNnb3YANj2uOA0qhMT+eoVBqvrrykuNqwkPVt8jdEhzF2Xc5aVSTWD5VljYyQWYC5vB2Pco+JCgeS7v+6P3ExqHKmNR0+\/rk7b14BLW1\/5AmNi\/7vapdiTq7yn43bnad9VKhNoyKYZcBBZ1b9tNkBEnELdSDbcDAQG053jlJWYvGHyMMJCHtDL+CPBtpJodRAacY+oZWSnBeiVMlLUCIdwUfsdnq5J46wTjS8+g3ZKLn4UR1XowHnaGOySsUz9hWM4CwtpTsVExgrAuWZ3ZCQmSQcr07tJKgCI7moO7D0IOvF0jbYwvdg=="}
00235{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","size":59,"expected":60,"global_ts_usec":1495451113881614}
00335{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451113881614,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","size":59,"expected":60,"global_ts_usec":1495451113881614}
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAUgADIR1DKhNyACzLpQ5QA1J78LqfTQ7QyEEAABAAQABAAND2F2aWE="}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":25,"global_ts_usec":1495451113881614}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451113881614,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":25,"global_ts_usec":1495451113881614}
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAUgADIR1DKhNyACzLpQ5QA1J78LqfTQ7QyEEAABAAQABAAND2F2aWE="}
00235{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","size":52,"expected":60,"global_ts_usec":1495451113931523}
00335{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451113931523,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","size":52,"expected":60,"global_ts_usec":1495451113931523}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1ggADURSICMrBHtzLpQ5QA156AF2iNRhq2EEAABAAUAAA=="}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_usec":1495451113931523}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451113931523,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_usec":1495451113931523}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1ggADURSICMrBHtzLpQ5QA156AF2iNRhq2EEAABAAUAAA=="}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":13,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1159,"global_ts_usec":1495451113998245}
00311{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451113998245,"packet_id":13,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1159,"global_ts_usec":1495451113998245}
01887{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1193,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs9cgADgR3VKMWiHtzLpQ5QA1zoEKT2TtZcOEEAABAAIABAANA2xiMwRub2RjBG5vYWEDZ292AAABAAHADAABAAEAAAJYAASMWusrwAwALgABAAACWAEhAAEFBAAAAlhZK4uEWSJRBKt+BG5vZGMEbm9hYQNnb3YAhdURPDXBvcbzg1l\/P4qdc3ehRb89ofPJw8vL9RtggwAs8+7Az1qJ5M1Ux+8oZ8zHN5D0+c3BNJjQUPVveXspLDCZdxRFo+1RK\/tIlQre9Z6oXyBunsD3VON8J6JqaO9QLW\/+N+v0+3k4JQ9jEXRD+gylLnNEC4jSZM\/eEVcWh8\/Z\/hQiQb73n\/IE05pfqtTEC1C28x4rjMLnWyPcsUNmAQ1wIIVqzpP6A5VTnvp4RsDzlI9MxhvYxC13eFkguAyj4PpKGJ96o+9WpCrhjrZ5Qe97GjxQ4mnxF+La4DD1K7LlHpU2xfdLMaXTNnb3xrtp8tFG6AyME9mAN3ydsa2necBRAAIAAQAAAlgACAVucy1td8BWwFEAAgABAAACWAAHBG5zLWXAVsBRAAIAAQAAAlgACAVucy1ud8BWwFEALgABAAACWAEhAAIFAwAAAlhZK4uEWSJRBKt+BG5vZGMEbm9hYQNnb3YAPu1CKNIp6mLVE1SewqKYDKAuMQAxscJGLV3f6RN5\/1\/zVgPiH7\/AAxiJPf5SqJZzB9ypQ5Q0SJU+u+qo4UNT2A9ZikHLsvZpu3XY7qllQDLKzFsdAlym\/205od0dRRYpJQQB+XO+nZdpRMc7hCOpc4LOfHHMxA20k1GcxwGN4I6+Yn7DCzd2AzmEcNA6sRAh18oRWpULvUa3Zs5aU9AnCawyL0iB3kXc34Hs5uavwPC1Ojau\/6b8vUkP2tuAEGoEy3ndP2uce\/kL5JrjxLYplDVGCuFeAhL5JD4BC1aJIZENCvxRzhQduD0s4HR+6oKQ1lWxPgH7SZ2ACg0k6rI408GAAAEAAQABUYAABIxaIe3BgAAcAAEAAVGAABAmEAAggACMAAAAAAAAAAI3wWwAAQABAAFRgAAEjKwR7cFsABwAAQABUYAAECYQACCIAIwAAAAAAAAAAjfBkwABAAEAAVGAAAShNyACwZMAHAABAAFRgAAQJhAAIIwAjAAAAAAAAAAAAsGAAC4AAQABUYABHAABBQMAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgAdPG7ehO6IW4WIIulOX8wrz0E30kEaN8pVRkAXeBkIqEzDHfgYVK0sdZ5efJzSOnPqgHdQqhZhaojOXm4uaRNV0BM7TnAaFGReahEW+oclDj1FD6kFM2+O9+xmO3izFYVoFfp1wzvVgLlshXbzWEUiyetInv1BKKFIEeJ5LL23lhMaUXksImKM0RYQcljEMgPUzNr61cp01clYduRCFDBE8koZf3WOqAU+XPiGZ+N7vs+u0ppQnyHl4Ckwf6Bo1ew0W\/NXecH7qQZVe\/ZVZVdU9cjdfMwVrwIodtisUZ3ssnh\/k8UHvbkkIHFNDgp4Q64ETRZdWoT1WgrW5igHg8ArwYAALgABAAFRgAE="}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":14,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1152,"global_ts_usec":1495451114040787}
00311{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451114040787,"packet_id":14,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1152,"global_ts_usec":1495451114040787}
01880{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1186,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1kgADURSH+MrBHtzLpQ5QA18VcKSC9N\/PmEEAABAAIABAANC2Zsb29kc2FmZXR5BG5vYWEDZ292AAABAAHADAABAAEAAAEsAASMWnHIwAwALgABAAABLAEcAAEFAwAAASxZK4t9WSJQ\/T5zBG5vYWEDZ292AI8NxE24xoB5Eg9dMdW2i2Wbnp7WAjJSEPfx6q6WNvQlvElWxcN5ImSIEBkCrx36XB+4y7FQRSHAcJfGmrEujeIG4vm2iak4\/iZ8q6dmad9UZqsYw7xMfUiMET9ynUM9tfbf26FoVrC7jqPoXd\/CLZ2MXGmkMAEGsqydhYm\/5Owhr1bdMagm+9i4eFaCOhOwLA5ytPfBpqddYO4P6KxfzWofdME7xL026plG7g0aOG4GcHKq2yCkGN\/td2KW3STw7Yn3EkgDcCQ9GkTH0mNpchsIxkxjSxGtSeHI3BNNToabK8Bt8I+qEmB2t+Dviv1HzjwGjXetcCij9X+FGH0VoGjAVAACAAEAAVGAAAgFbnMtbXfAVMBUAAIAAQABUYAACAVucy1ud8BUwFQAAgABAAFRgAAHBG5zLWXAVMBUAC4AAQABUYABHAACBQIAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgB\/\/xDOV8RlACc0tJNxS+YKsLSQOBQbk6NLsQZG3YDTjO3iKsh7IcLqiw6uOc7SaLs86m+f\/kMHQskW6EQOmEHDMnbqN9IQMGQT4wsBbRrQmwjtM3XaVIfw2QRYEj4dnRSam\/XPSboR6M9\/hOGPVESZ\/uQ6WqFzbJ5fPUcerIlG\/kYoZuwvlZN9eWpmI2uvZVEJoNzzXHVFVxe+gyzQ2fX9CfzbU64wrazKsV4840AxDn9S8jSgjT7wrA1fAbUY1N1Z18MDcPXwCsgNM45SCTA3GR4LZG5q0wfZhRsvLTMW6nxaQfuphvLWLR4kFiw6usfYhcbxye3Gh4WdZwsuqUy1wZIAAQABAAFRgAAEjFoh7cGSABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBagABAAEAAVGAAASMrBHtwWoAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8F+AAEAAQABUYAABKE3IALBfgAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwZIALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBkgAuAAEAAVGAAQ=="}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":15,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1159,"global_ts_usec":1495451114042745}
00311{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451114042745,"packet_id":15,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1159,"global_ts_usec":1495451114042745}
01886{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1193,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1ogADURSH6MrBHtzLpQ5QA13wAKT4pfTrqEEAABAAIABAANA3ZsYgRuY2RjBG5vYWEDZ292AAABAAHADAABAAEAAA4QAATNpxlkwAwALgABAAAOEAEhAAEFBAAADhBZKcVTWSCK0x9HBG5jZGMEbm9hYQNnb3YAX+ROMTDmu2LvY14SfjFGvi3WEW6+STJjZDx4ISbi+8Up66dG\/bw1go3rWtgRYv32inrUxVD+E4qN4O65GyWgncqxzNBHyqogKfZU9dx9y+PqIoQ+ar6wCBaZMeRlZ2H\/KAZm9VZJdIYSfT7rg8tylzg1ByKUx\/dM58k4tzq01zWfvvdDqlgyS\/7dfwH3Cx0Q3tKk8RttgwJo0iMxQWM\/AbIcQHtWikYNLoiBlgpKokdUg9fvMXVaU6C7Dli78cCopcGhFjDJKTKGsg8VZwPKF9jhIvdYxA+Q0I24PRjdqFWpLctR\/ZrlwtAdX59WvQRCsyLHS7xFl+DxalLuB\/SgjMBRAAIAAQABUYAABwRucy1lwFbAUQACAAEAAVGAAAgFbnMtbXfAVsBRAAIAAQABUYAACAVucy1ud8BWwFEALgABAAFRgAEhAAIFAwABUYBZKcVTWSCK0x9HBG5jZGMEbm9hYQNnb3YAmWRe9VtNaGu5X49TFlABbU\/pql1LRAtlNRRYPZA76YNivdumGQu4wVgBmCm+hYA4u\/HWo\/sXy+OjhkGg69foZAZZApULWjIwIoUuPmRWXN7SuPsCbcxc2lz03QGkeHWcv53g7lGYu11y+pQHMJSB5g8OgwFH1IpZebWevGbH01CETWP8X15qQ1Si4Mg+CLVxJUTEjQ+X3iu+vEJrye6jYg4+V8n1uXRhP1XaMIy9guTSW+vZMz5uu3LssrCEsl8FV2QPvYCNY6ShsKFc9MUOedVXQ3fLqRmhLx+5ICURO9pKmtWRUtZLxMAKiuJMWwbJBHU0oQ\/4Oz18pihCuPdUXcFsAAEAAQABUYAABIxaIe3BbAAcAAEAAVGAABAmEAAggACMAAAAAAAAAAI3wX8AAQABAAFRgAAEjKwR7cF\/ABwAAQABUYAAECYQACCIAIwAAAAAAAAAAjfBkwABAAEAAVGAAAShNyACwZMAHAABAAFRgAAQJhAAIIwAjAAAAAAAAAAAAsFsAC4AAQABUYABHAABBQMAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgAdPG7ehO6IW4WIIulOX8wrz0E30kEaN8pVRkAXeBkIqEzDHfgYVK0sdZ5efJzSOnPqgHdQqhZhaojOXm4uaRNV0BM7TnAaFGReahEW+oclDj1FD6kFM2+O9+xmO3izFYVoFfp1wzvVgLlshXbzWEUiyetInv1BKKFIEeJ5LL23lhMaUXksImKM0RYQcljEMgPUzNr61cp01clYduRCFDBE8koZf3WOqAU+XPiGZ+N7vs+u0ppQnyHl4Ckwf6Bo1ew0W\/NXecH7qQZVe\/ZVZVdU9cjdfMwVrwIodtisUZ3ssnh\/k8UHvbkkIHFNDgp4Q64ETRZdWoT1WgrW5igHg8ArwWwALgABAAFRgAE="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":16,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_usec":1495451114337664}
00310{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451114337664,"packet_id":16,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_usec":1495451114337664}
00517{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW14gADURSHqMrBHtzLpQ5QA1cdYMIeseCHyEEAABAA0ABAANCGVkZ2UtbndzA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":17,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_usec":1495451114364173}
00310{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451114364173,"packet_id":17,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_usec":1495451114364173}
00518{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAogADIR1C2hNyACzLpQ5QA1Q\/EMIbPPgtyEEAABAA0ABAANCGVkZ2UtbndzA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":18,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1156,"global_ts_usec":1495451114389800}
00311{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451114389800,"packet_id":18,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1156,"global_ts_usec":1495451114389800}
01880{"packet_event_id":1,"packet_event_name":"packet","packet_id":18,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1190,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsA0gADIR1CqhNyACzLpQ5QA1Q5YKTHldtTaEEAABAAIABAANA3d3dwtyaXBjdXJyZW50cwRub2FhA2dvdgAAAQABwAwAAQABAAABLAAEjFpxyMAMAC4AAQAAASwBHAABBQQAAAEsWSuLfVkiUP0+cwRub2FhA2dvdgBux3u1kqhoa2542f5VfZyNoS158qaQHxQC5yl\/X1HYHlN9OKFD2TTtS4MZKS2ZLbvQB5eqC\/5Riya4tMHEv+9kjK+XtBF7Rj7yVxMulYYVKJY1yrzk9A\/DMfiIWTmC3qviPxuqYkAT5W+fAOD4Nsy\/5JE6hIu89v+rqG\/Z8kfURtGsfsnMCQfSTMP2AXbh6JHaVQaDQaVNy0gDeBqDP1Owy3kJn4t100KGsy2p4xGQ0JUhkDuTy2t3fY6FBUSyoy0avo4Kb7JFJHys5VrqR44WISsO3GrLnTJtfVwBE9Pr\/BpNps2Jko7Ht0KLwUiDWgVCGdLvJTwQLCElPL9pPjkswFgAAgABAAFRgAAHBG5zLWXAWMBYAAIAAQABUYAACAVucy1ud8BYwFgAAgABAAFRgAAIBW5zLW13wFjAWAAuAAEAAVGAARwAAgUCAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAf\/8QzlfEZQAnNLSTcUvmCrC0kDgUG5OjS7EGRt2A04zt4irIeyHC6osOrjnO0mi7POpvn\/5DB0LJFuhEDphBwzJ26jfSEDBkE+MLAW0a0JsI7TN12lSH8NkEWBI+HZ0Umpv1z0m6EejPf4Thj1REmf7kOlqhc2yeXz1HHqyJRv5GKGbsL5WTfXlqZiNrr2VRCaDc81x1RVcXvoMs0Nn1\/Qn821OuMK2syrFePONAMQ5\/UvI0oI0+8KwNXwG1GNTdWdfDA3D18ArIDTOOUgkwNxkeC2RuatMH2YUbLy0zFup8WkH7qYby1i0eJBYsOrrH2IXG8cntxoeFnWcLLqlMtcFuAAEAAQABUYAABIxaIe3BbgAcAAEAAVGAABAmEAAggACMAAAAAAAAAAI3wZUAAQABAAFRgAAEjKwR7cGVABwAAQABUYAAECYQACCIAIwAAAAAAAAAAjfBgQABAAEAAVGAAAShNyACwYEAHAABAAFRgAAQJhAAIIwAjAAAAAAAAAAAAsFuAC4AAQABUYABHAABBQMAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgAdPG7ehO6IW4WIIulOX8wrz0E30kEaN8pVRkAXeBkIqEzDHfgYVK0sdZ5efJzSOnPqgHdQqhZhaojOXm4uaRNV0BM7TnAaFGReahEW+oclDj1FD6kFM2+O9+xmO3izFYVoFfp1wzvVgLlshXbzWEUiyetInv1BKKFIEeJ5LL23lhMaUXksImKM0RYQcljEMgPUzNr61cp01clYduRCFDBE8koZf3WOqAU+XPiGZ+N7vs+u0ppQnyHl4Ckwf6Bo1ew0W\/NXecH7qQZVe\/ZVZVdU9cjdfMwVrwIodtisUZ3ssnh\/k8UHvbkkIHFNDgp4Q64ETRZdWoT1WgrW5igHg8ArwW4ALgABAAFRgAE="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":19,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_usec":1495451114409912}
00310{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451114409912,"packet_id":19,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_usec":1495451114409912}
00517{"packet_event_id":1,"packet_event_name":"packet","packet_id":19,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsA4gADIR1CmhNyACzLpQ5QA1XMQMIcjtVOuEEAABAA0ABAANCGVkZ2UtbndzA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":20,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":467,"global_ts_usec":1495451114477838}
00951{"packet_event_id":1,"packet_event_name":"packet","packet_id":20,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":501,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2EgADURSHeMrBHtzLpQ5QA1hSENY4PPmWmEEAABAA8ABAANA3d3dwRnb2VzBG5vYWEDZ292AAABAAHADAAFAAEAAVGAABILZWRnZS1uZXNkaXMDd29jwBXADAAuAAEAAVGAARwABQUEAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAmB+rNTTf9y2fL9huXtwXacy3dpdAU\/FF66y0T2Abh4gJ4oqoROLCskJvvn3j9VXRYvVuHgr\/e97Co5990baGGvZb+DvhgSBtQA0XDhAbhT4IGku7L7hKoOqCPzJ2xMN4lERF15hNGRqg\/cT5v5CgilDGweZpWDYW20FvCYF4m8AGKWztxWEdpdH2c13sLamLNmDpbsiDeUYVinK+o0nUucS9JVb7qjOM60ITS257sC9GnrEJqXc7E0PqTUPhbrT8oM6CmNCpuj24P56BqqMr1XKbdWFuIo37YO1g0eKMEI09l2QWTwRGahH71x3X3yh\/Irc0cgLSM9Wcphsq4AONbsAvAAUAAQAAASwADAdlZGdlLXAxAWzAX8AvAC4AAQAAASwBIAAFBQQAAAEsWSuLyFkiUUi\/jgN3b2MEbm9hYQNnb3YAHVR1NQXRWlbpbPXbpQ4K7jGWLXOoK18x\/MZgCtt9"}
00235{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","size":52,"expected":60,"global_ts_usec":1495451114592732}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2IgADURSHaMrBHtzLpQ5QA1ue4F2rYkIYyEEAABAAUAAA=="}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_usec":1495451114592732}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2IgADURSHaMrBHtzLpQ5QA1ue4F2rYkIYyEEAABAAUAAA=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":22,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":350,"global_ts_usec":1495451120530820}
00790{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":384,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcvvQgADsRTzWcmpGtzLpQ5QA1p0MHJt5xE1qEAAABAAgAAAABA3VubwAAMAABwAwAMAABAAAcIACIAQADCAMBAAG4yfLJ+odI0NYhmvuEYusTX3PMFSgpFuzmz0UAbcsB7BQkNbURzRziXs3Eo+Y4VAvQbBXZ7ZrIhm7e5Kv05B9ITQPXR8mAKN+eP4XS24qX5yxLTJr1BHYcwjbMHD11lKYei8h3x0IL84h+CJR9MkSjpkX65W1xs0ZDKrBsVj+sP8AMADAAAQAAHCABCAEBAwgDAQAB7AsXAeKN3QmGY7+Xpe0mfMtRzSIrdueZqhbVPuuuqzzkGlfKN+qx6PtpXxVkUMnMYiEn3FO6H3aNHnpkDL273LzrNhBMH62l5Tf14gZ7\/YEClmhlbBKDGSaiQipf0qYB+3KlSnlFkNTZQTPpSS2skfRrrwaSrIFrBnPy65VNup0b0nKjYyVw623MNxZMGgFjsX8veogoAKeS"}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":23,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":725,"global_ts_usec":1495451125221324}
01297{"packet_event_id":1,"packet_event_name":"packet","packet_id":23,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":759,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":759,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcooIgADMRE+aBBg0DzLpQ5QA1SmkInV2uJjOEEAABAAMABAANA3d3dgRuaXN0A2dvdgAAAQABwAwAAQABAAAHCAAEGDiyjMAMAC4AAQAABwgAnAABBwMAAAcIWSp+wlkhOKFNKgRuaXN0A2dvdgBIYUso1Tbe3YPWKI6pKsnK39L0ZR+Wo84lp69g80vFD15mFzrNg7EcUCLsnkMlQJbHqK3QN0QeDzdgWJzEtkF4C3gfcuiYqpNzLzSbOaI8qMLYR3iAIZ82fx0LiQg0fj\/UhXahd9c0eXrYwc69KuT3ZZpBmxsvQGSbA79dTk2IcMAMAC4AAQAABwgAnAABBwMAAAcIWSp+wlkhOKFp9QRuaXN0A2dvdgB2VIO3XeASYXoMskLY5BdTHuMWk0C0lo9NqfSeSNpiocAUe4wjG0pSKGWTvO9v14o3ES1dQF\/lRDDzLvndMmBTSk8OUc6DZkYg\/xkANFcnfu1rJX71cI8qZoMAtFPuJG+OdrjwY3UO+gUW81AuHH3Rvj37sLrgU6NYwdvHL8cSF8D0AAIAAQAABwgABgNnZWHA9MD0AAIAAQAABwgABgNiZWHA9MD0AC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMHAAC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":24,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":219,"global_ts_usec":1495451143643018}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451143643018,"packet_id":24,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":219,"global_ts_usec":1495451143643018}
00617{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":253,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFKAXcix5gAPYRtKqAcIEPzLpQ5QA1PwIGo6sTVh2EEAABAAEABgAPBmdpdmluZwlwcmluY2V0b24DZWR1AAABAAEGZ2l2aW5nCVByaW5jZXRvbgNFRFUAAAEAAQAAqMAABEtlhE3ALQACAAEAAqMAAA0FYWRuczEEdWNzY8AdwC0AAgABAAKjAAAYBWF1dGgyA2Rucwhjb2dlbnRjbwNjb20AwC0AAgABAAKjAAALCGRpa2FoYmxlwC3ALQACAAEAAqMAAAgFYXV0aDHAdcAtAAIAAQACowAACAVhZG5zMsBcwC0AAgABAAKjAAAGAw=="}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":25,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":36,"global_ts_usec":1495451144693951}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451144693951,"packet_id":25,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":36,"global_ts_usec":1495451144693951}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXc8l4gADcRrZWY2AelzLpQ5QA1QFwLtGqgHLSEAAABAAIABQAQAnNhBHd3dzQDaXJzA2dvdg=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":26,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":816,"global_ts_usec":1495451150025808}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451150025808,"packet_id":26,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":816,"global_ts_usec":1495451150025808}
01422{"packet_event_id":1,"packet_event_name":"packet","packet_id":26,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":850,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":850,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcp70gADMRDquBBg0DzLpQ5QA1tIMI+JbQPi6EEAABAAMABQANBG5pc3QEdGltZQNnb3YAAAEAAcAMAAUAAQAABwgAEAR0aW1lA2dsYgRuaXN0wBbADAAuAAEAAAcIAJwABQcDAAAHCFkqyCtZIYRnjJkEdGltZQNnb3YAqr9jxTZXybcXnuCzjwFwvmFI+Ze7+m+rSWmDSn1MGMydCqolZgbVKJgNgG1S4zXIK8pdBL562Arwa55agW7HdTeBY84CmqWupq562AYDen9j\/fcu4j8dUrr0Np5qd65iLfnFlqyyY1lwhO5MLHlBGeFoLloqXXTeoUcgip7f3svADAAuAAEAAAcIAJwABQcDAAAHCFkqyCtZIYRno1UEdGltZQNnb3YA1mVm7+rmIQsKL0j8gZgmJcKynM3ZMQd2XdMAq44akLYox+waENon7a\/NmZaeWbIVHTDHZNuDBA9d3DqfTwZmq6tNJfokzKjG5g+KihH2Xa4Kp9wiLwRswtv6QxM2Qg5XcrAKw8x7jBKYqECsGcjybhwp76K9osOWdUlx9tS+dNnAMAACAAEAAAcIAAcEZ3RtZ8A0wDAAAgABAAAHCAAHBGd0bWLANCBWQ0xEQlZEM045OVFSSElHTFY5UVFBRkUxRFU3UEJOTMA0ADIAAQAAASwAHwEAAAoCf28U+zG4nx40du+nR\/TU4M0oy+4k6+cAASDBsQAuAAEAAAEsAJwAMgcDAAABLFkqrVZZIWt\/TSoEbmlzdANnb3YAin87ubwH5bbudTk+e+xAakiTfHLL5BNm7U1T7Tp5nwZ+YiMNjXALwdG0Rzv41sO6d6JzvqGjEvTLlZHOxMvzh5qOOCQ5pTDJOeqLshIcRoXLTP+W5JHoo22\/LNWmDP4Sejibo\/ExdMmbbKksTx5XkoOuibEJlXT+CgT9AZmeMRTBsQAuAAEAAAEsAJwAMgcDAAABLFkqrVZZIWt\/afUEbmlzdANnb3YACfYO\/o1yNCznWcx+k3iT2eRehKQYOK+FNHFc5RmDgi0nh2MAeCXjMinIJ79YtQqPSh00E\/qkzv0dT8zKvlO44sNJMgS8x9irpUURGpmdOjra2Peut2w6hiAF+w=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":27,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":796,"global_ts_usec":1495451210064358}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451210064358,"packet_id":27,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":796,"global_ts_usec":1495451210064358}
01404{"packet_event_id":1,"packet_event_name":"packet","packet_id":27,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":830,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":830,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcZ2IgADgRNxXOg9J2zLpQ5QA17oYI5FghcmaEEAABAAMABgANBnN1cnZleQhzYWZlbGl0ZQNjb20AAAEAAcAMAAEAAQAAcIAABM6D1BvADAAuAAEAAHCAAKAAAQUDAABwgFknjltZIkdgNvwIc2FmZWxpdGUDY29tAHe+sxe671rWzIUuSmcuIX5JDt2N6FBy\/TemnpDPfETG94sVtxgFhyH+9XDJ8vfBDApGjbQsaNpmhYgJ2jGuM6aa11KsYrpTFxQi3Mq4Mwmb85sg1M7tWwMA\/a9WEJvxthxxgFLD9e7N14XoZuciOXyDRzakdNxJe0xON4TdbMVJwAwALgABAABwgACgAAEFAwAAcIBZJ45bWSJHYFgXCHNhZmVsaXRlA2NvbQDY7GqPPxR3njuOxu6CCj1boxBl0v+KT3lL29Er72LdcsNtFbp2T5f6Lq+bUDJ6aGZ\/GGcJlbZVeSixgLiHv\/3WIrKbFRcxzmntMnI1WXDaq+hOKYUph2hgpvcyTFEbaygdhl5BdaaPauPAfweczJEJCc6TxoWZ0SzqEG1+NouhyMD\/AAIAAQAAcIAABwRuczAzwP\/A\/wACAAEAAHCAAAcEbnMwMcD\/wP8AAgABAABwgAAHBG5zMDLA\/8D\/AAIAAQAAcIAABwRuczA0wP\/A\/wAuAAEAAHCAAKAAAgUCAABwgFknVclZIgjZNvwIc2FmZWxpdGUDY29tAE+K9vCahuql+Dus\/olbzgxR6+xtIAxjgCV7w4P+TDgF96\/wvufu2LlMtgwWwEYPqWlh\/QSV3c3y2mgUeKsDgKDUKBPY4oAN1Ii5SdYXKnxedkDm6CDq2YBIJ\/f3K2Jens9\/DIVOgUFp+Zi9a7TtLhmA1IAcJwnXvflL7avBNhUUwfcALgABAABwgACgAAIFAgAAcIBZJ1XJWSII2VgXCHNhZmVsaXRlA2NvbQDFMtAOhXQ\/tcn8Bg0YsK0LCXQz9eeItGf3CI8d+ppJ3a1qxqTbsYvEPqKVPVXIPiYJ3ICi3zqAg5mc5470ZgSSPw3eDcdgkQ\/2sH6VsrvHw1pWLDtNZPd6cO+KsvNtbbCZ6JY="}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":28,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":37,"global_ts_usec":1495451247437895}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451247437895,"packet_id":28,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":37,"global_ts_usec":1495451247437895}
00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":28,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":71,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcWZUgADkRzYvQTkcCzLpQ5QA1l\/cF7eAXMAuEEAABAA4ABgABBG1haWwFaG91enoDY29tAAA="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":29,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":111,"global_ts_usec":1495451247676188}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451247676188,"packet_id":29,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":111,"global_ts_usec":1495451247676188}
00473{"packet_event_id":1,"packet_event_name":"packet","packet_id":29,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":145,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcSyQgADkRLD3MDfsCzLpQ5QA10qYGN8NYfIeEEAABAAUABgABBWhvdXp6A2NvbQAAEAABwAwAEAABAAk6gABFRGdvb2dsZS1zaXRlLXZlcmlmaWNhdGlvbj0zWEpwSUlaRzJZeUVCWnlPYUs1ZWZrWDFnN21qaFV1aVhqT2xKZw=="}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":30,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1194,"global_ts_usec":1495451309206320}
00310{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451309206320,"packet_id":30,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1194,"global_ts_usec":1495451309206320}
01928{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1228,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs98gADgR3UqMWiHtzLpQ5QA1U+IKco350KyEEAABAAMABAANB2VkZ2UtcDEBbARub2FhA2dvdgAAHAABwAwAHAABAAAAHgAQJhAAIIgAjAAAAAAAAAAAJMAMABwAAQAAAB4AECYQACCAAIwBAAAAAAAAACTADAAuAAEAAAAeAR4AHAUEAAAAHlkr8xJZIriS1gsBbARub2FhA2dvdgCV6O\/WR3JCSK+C7cZBu3S3X5K0UHxpncAfxFmSgHubPtuQ+ppFRTp+1fHbrUOyCpixD7BN4GSPyT84LF8EMzJbQxH0r2LLAvgtvgpUbYL7Z7w18yYTnE6XGfHtthXb1ZOye1L2hiRfpzbmmXCHOKb6LEYuPXKYSPhX2n+ImdcFypwUqYfMSD9FcjNa3Jo3Oqro2WuMMbD2gPnRfJ8TdXYRG4VNmibFauhfDGpn9UeUfORtwE7m2jOvlQ6Qvy9OpZkqoNE2Vdtt7jPJm2tzt5OKxSjI1XLv3boeUU7hE7UYEXONrZssQLYvDrWx9GDK\/I6MmaWyMYZAJODqzmpC6mevwHoAAgABAAFRgAAHBG5zLWXAfMB6AAIAAQABUYAACAVucy1td8B8wHoAAgABAAFRgAAIBW5zLW53wHzAegAuAAEAAVGAAR4AAgUDAAFRgFkr8xJZIriS1gsBbARub2FhA2dvdgAeLq4NmnVkcNxQ2ECZHAEvCMi5MZYEL8edA7YVxsb2UBGFIEGs\/0MCPjY5njGkf1suVTZtcwyT75u2gFjZgWxP1+c7rm4cmvpvBe+wC0vSebZWwrbWCerbFqwFr8WbzPO2CxG0Zn8pbBKC9uM1kn0tU08OZWkEPnxTJXMcLAZSYKzHnM3Abd9+nCKn5iCnhESUxIPjqzi3TtF47AxxSw8oSy\/22YcIyG5RxzRRDhaTIGZj9gjcsM8kyra2eumMo4lRPXVhwaJ6DQF2GVKV8FslkU9\/qAyzckJZU+4ClRBUn7ZyYZlZnrFBAgj7Zmr2QS9x22hcQerFh+735VmloZaXwZIAAQABAAFRgAAEjFoh7cGSABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBpQABAAEAAVGAAASMrBHtwaUAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8G5AAEAAQABUYAABKE3IALBuQAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwZIALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBkgAuAAEAAVGAAQ=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":31,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":327,"global_ts_usec":1495451309834554}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451309834554,"packet_id":31,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":327,"global_ts_usec":1495451309834554}
00765{"packet_event_id":1,"packet_event_name":"packet","packet_id":31,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":361,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2UgADURSHOMrBHtzLpQ5QA1ufwM17VSuDGEEAABAAYABAANA21hZwRuY2VwBG5vYWEDZ292AAABAAHADAAFAAEAAAEsAAsDbWFnBGNwcmvAEMAMAC4AAQAAASwBIQAFBQQAAAEsWSuLaVkiUOlQZARuY2VwBG5vYWEDZ292ADcGQyBFP4D+oljdb2+uDa9\/19GSwvR6WriPq+5z0bu\/0ZaU\/D8IQsmXY34oOVHWkzG6MucH8ZmcfTOJDErUlSNSiRzFT51PBmw6nGKnxTSwXkETkX04Oo9QP2yzVDt5BovyB6C9tXHehSkdYBFKv3dkwzGxANJxhe+yFBxgwF9UCs8+cZEJOlz8tn056cIu0n8cLm0Luw3FG\/hQGfvItzUlOxBl1A60sdiGmy6QUdNCXAcNU0yZ9pOPKxcCxUBH4IhMSpEnUlvPR6QJH5nmfUQe2XEJKZYxCw=="}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":32,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_usec":1495451309971567}
00310{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451309971567,"packet_id":32,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_usec":1495451309971567}
01879{"packet_event_id":1,"packet_event_name":"packet","packet_id":32,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1191,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2YgADURSHKMrBHtzLpQ5QA1igkKTYrrwr6EEAABAAIABAANA3d3dwx0c3VuYW1pcmVhZHkEbm9hYQNnb3YAAAEAAcAMAAEAAQAAASwABIxaccjADAAuAAEAAAEsARwAAQUEAAABLFkri31ZIlD9PnMEbm9hYQNnb3YAYj6eILo+qkq5k18ERYBx0xRM9\/G7L0FZIt4YRMfTu\/USwfAnYN75io2kNkONiogWmMZ4Lag7k3IYxgcesHSZm7PZPDgrUXlAcd3yvVMKVKTxcZWm4erxNJExiN8+R7+gO8BV6r5YHq7uAPRDiCQOsXNlXUlDbrs1lqRHqt+\/of11uAQ6meqXGXmKksSlBj5fbAkW1+8cB\/QSQlJjzyciYH5OpnBXSP0xkvRyxYbMOP3yK39llO\/1t56mjX6N00VukVX1CCuCNDvCVEnhc9yhfw9oDlronPvyL2kVGsfMWn8txFzsS3wqbAr7fJQNwFsN6v7JS37aCBEsfLcqNMdRvcBZAAIAAQABUYAACAVucy1td8BZwFkAAgABAAFRgAAIBW5zLW53wFnAWQACAAEAAVGAAAcEbnMtZcBZwFkALgABAAFRgAEcAAIFAgABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AH\/\/EM5XxGUAJzS0k3FL5gqwtJA4FBuTo0uxBkbdgNOM7eIqyHshwuqLDq45ztJouzzqb5\/+QwdCyRboRA6YQcMyduo30hAwZBPjCwFtGtCbCO0zddpUh\/DZBFgSPh2dFJqb9c9JuhHoz3+E4Y9URJn+5DpaoXNsnl89Rx6siUb+Rihm7C+Vk315amYja69lUQmg3PNcdUVXF76DLNDZ9f0J\/NtTrjCtrMqxXjzjQDEOf1LyNKCNPvCsDV8BtRjU3VnXwwNw9fAKyA0zjlIJMDcZHgtkbmrTB9mFGy8tMxbqfFpB+6mG8tYtHiQWLDq6x9iFxvHJ7caHhZ1nCy6pTLXBlwABAAEAAVGAAASMWiHtwZcAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8FvAAEAAQABUYAABIysEe3BbwAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wYMAAQABAAFRgAAEoTcgAsGDABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBlwAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GXAC4AAQABUYAB"}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":33,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1194,"global_ts_usec":1495451310199170}
00310{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451310199170,"packet_id":33,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1194,"global_ts_usec":1495451310199170}
01930{"packet_event_id":1,"packet_event_name":"packet","packet_id":33,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1228,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+EgADgR3UiMWiHtzLpQ5QA1YrcKcmZcnv2EEAABAAMABAANB2Ryb3VnaHQDZ292AAAcAAHADAAcAAEAAA4QABAmEAAggEAAAgAAAAAAAAFxwAwAHAABAAAOEAAQJhAAIIBAAAIAAAAAAAABcsAMAC4AAQAADhABHwAcBQIAAA4QWSuLOFkiULjwAAdkcm91Z2h0A2dvdgCiFhT73R8JkfGDTfZ4di36jz5eyOGbPz32qAMnwn4nlyVmuvzkf4NiJ96OxTP54IIqeClIfVaS9wEAfT+47pslkKZCPVwuhmOe6fDooq+GLDJv0+Ghc9188DOEwVA6ulHxE25woNOlZB13Uz3i90Fc0vOaXvfF9ZGxFm4J9mw3dWtYg4\/ds36+RRrCA9x3ERJDt7HPku5qZtP0xKuN8yDtutEHNQ+PFq\/yqbVvE6s5DpPsYgJR0mKl+kuenRHwsn7+W8RejJkXBdU0ylZRMFbsC3fBOassmaNP6p110AEWGpszbswU0n7MR6eCsSeyRW3u+kxNbB3DHriPINnb\/25ywHMAAgABAAAOEAANBW5zLW53BG5vYWHAe8BzAAIAAQAADhAACAVucy1td8GSwHMAAgABAAAOEAAHBG5zLWXBksBzAC4AAQAADhABHwACBQIAAA4QWSuLOFkiULjwAAdkcm91Z2h0A2dvdgAXXbMkYPS9QUln5hjQ9vMJUQmj7EOZmvYJzaa79X6dsVN8FpugM8E25umwpE\/dq29ve8D++P2tnJQfbDgKbTCzWcNRmJZVue8tdC5OTorh1HBmQkpoumFnTbmtekcohQkMcnb3AmWMR742fJ5XNYHgW7Ap4AaJ+wubZ2DGMzIxl72\/ofg+1dcqnAgbyQV8y0ogjIlloPBWpcRwxyL+zdk7S+iyN6s+YgfobuDo5dbvDWNky63CGBbyLqEaC7wzznplPJLXci32DUon7xJA0oUr7x\/h5U6kgccx3MbgKjnlj1l0PwM\/R2IbRlpN9BAQ34xrrixU4+6ApBRbB3spHijNwbkAAQABAAFRgAAEjFoh7cG5ABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBpQABAAEAAVGAAASMrBHtwaUAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8GMAAEAAQABUYAABKE3IALBjAAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwbkALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBuQAuAAEAAVGAAQ=="}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":34,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1158,"global_ts_usec":1495451311326374}
00310{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451311326374,"packet_id":34,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1158,"global_ts_usec":1495451311326374}
01888{"packet_event_id":1,"packet_event_name":"packet","packet_id":34,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1192,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+IgADgR3UeMWiHtzLpQ5QA1+8YKTsy4mcCEEAABAAIABAANA3d3dwd0c3VuYW1pA2dvdgAAAQABwAwAAQABAAAOEAAEjFplPMAMAC4AAQAADhABHwABBQMAAA4QWSnFrFkgiyw3Ggd0c3VuYW1pA2dvdgAJEO7XiuA+vhpIYobOdRe1yI2VB\/j2mzi\/2yP1Lp9H4M5qjusV7CkPVxOQC0AaCcVxqT4M6bztlrT7qUL0A1w3xQdNOpdYK4DVjBCuxhfx\/pX\/Rq0kECnDSkfE1jj7zqbQ61fish6MQQophJFU+Am6c5wLoF1vAyR8qdln5pLZ1FEOPVwHhvgDFyv98HmMD00pw\/wVmA65j4meeVRLeQ3a837VsRiT4jJKffufwtmx5Eqpxa2\/kJw53hWYnnMS38GIEaZRlEQM2vGca6sB3+N+kJQ1oGEgcMiONiOotB9a5cfHgsVEbIgj1jFGWNkedySgudQrRBslLuL9OimDWkL2wE8AAgABAAFRgAAMBG5zLWUEbm9hYcBXwE8AAgABAAFRgAAIBW5zLW53wW3ATwACAAEAAVGAAAgFbnMtbXfBbcBPAC4AAQABUYABHwACBQIAAVGAWSnFrFkgiyw3Ggd0c3VuYW1pA2dvdgAtNAttZ2tlqpXEcOn7mcA\/Z0HMna2P7rrtJXnupFJ5uos8L3b6TswIuV1nZPJ\/S0K4ZvjUZJukTJ5dsR\/z2bbQiS1uixECpVlyZZOXhp3A0rmQKUIYpz+yrwlZ4Dcq1wOupPxo1PMQl4AwQrMNxeyrQ0QU9G49JKGe20YA1Lhz1N+J4QbO5Tu3vWoPjnfsCEURngIIHow6qjNrrZEhlA929gSEpDzFDBqOvEXIedVxUEt\/nMPYmTYEM5I+66eeFT9HrjHCjzLWlP00hbu089PduHD\/KIRGO7Fs2DNO2Yt\/9FqjLrVhvcG5ptrnTz9lTYR\/uQVtLKTsydCWVZF9YLTOwWgAAQABAAFRgAAEjFoh7cFoABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBlAABAAEAAVGAAASMrBHtwZQAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8GAAAEAAQABUYAABKE3IALBgAAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwWgALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBaAAuAAEAAVGAAQ=="}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_usec":1495451311524226}
00310{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451311524226,"packet_id":35,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_usec":1495451311524226}
01874{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1191,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2cgADURSHGMrBHtzLpQ5QA1l38KTYdoHVOEEAABAAIABAANA3d3dwZub2hyc2MBbARub2FhA2dvdgAAAQABwAwAAQABAAAAHgAEwC5sA8AMAC4AAQAAAB4BHgABBQUAAAAeWSvzElkiuJLWCwFsBG5vYWEDZ292AEmbFbdVf7FrZdNM0IbcWdEpLfLseHOhwkbd9Xyz04fYyQrhx+Jovb0Em+GuaroqiO5SKtEQJqVCCZB9p842uoKxho+pPpdJyWiQc7GnXhWdDNWtJHOkPmoq3wrf3jfnkFfPCy15tQqxwItlfzeoXa47K\/rbLzji9J6Cj82yysecO7bElXtCuXkKPdBLHf390b9a43nJCO8borqU1G0mIjq1zfMZZF6Kibws4+mFg0EdoxSpF65NctKwuurIJVArvCE11J8PbHegAuvbVEpvXwtS4p8hvMfMnJvNSqKpfuQhDV7nHNaRPD8uISM\/x8CbB8jQLQpUussqmlC6PtCbdXfAVQACAAEAAVGAAAgFbnMtbnfAV8BVAAIAAQABUYAACAVucy1td8BXwFUAAgABAAFRgAAHBG5zLWXAV8BVAC4AAQABUYABHgACBQMAAVGAWSvzElkiuJLWCwFsBG5vYWEDZ292AB4urg2adWRw3FDYQJkcAS8IyLkxlgQvx50DthXGxvZQEYUgQaz\/QwI+NjmeMaR\/Wy5VNm1zDJPvm7aAWNmBbE\/X5zuubhya+m8F77ALS9J5tlbCttYJ6tsWrAWvxZvM87YLEbRmfylsEoL24zWSfS1TTw5laQQ+fFMlcxwsBlJgrMeczcBt336cIqfmIKeERJTEg+OrOLdO0XjsDHFLDyhLL\/bZhwjIblHHNFEOFpMgZmP2CNywzyTKtrZ66YyjiVE9dWHBonoNAXYZUpXwWyWRT3+oDLNyQllT7gKVEFSftnJhmVmesUECCPtmavZBL3HbaFxB6sWH7vflWaWhlpfBlQABAAEAAVGAAASMWiHtwZUAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8GBAAEAAQABUYAABIysEe3BgQAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wW0AAQABAAFRgAAEoTcgAsFtABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBlQAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GVAC4AAQABUYAB"}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":36,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":504,"global_ts_usec":1495451320578334}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451320578334,"packet_id":36,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":504,"global_ts_usec":1495451320578334}
01009{"packet_event_id":1,"packet_event_name":"packet","packet_id":36,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":538,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":538,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcm2UgADwRZEWcmp8szLpQ5QA1q4QHwM\/ij\/aEAAABAAkAAAABBWNpc2NvAAAwAAHADAAwAAEAABwgAIgBAAMIAwEAAdRGl1LNWnzy7pAEJi3Qfp0TyGaJmTkZh6eXbbqBdkY9a1AoaD29yVHLBBpWMSQjH95pwspn6IcXgzevKG6XFhwPNM+E0S7Ju2k\/7H2VuFBNC29dnwoJg4icT5epf3G8zmCaNYnLVZLs5atUCkBlhgvwscnvv\/TSmgpTXYQuqFu\/wAwAMAABAAAcIACIAQADCAMBAAGb2PYROIXk7P7qLTWvxVk3g1BsHjHVl72rmOzt5smqLLn23qp74hnC88zJUUWv21Kqy8BhoPdBWvuS3K8EynHYxDv8VO+YXAgqPkxai26z4TwjzZmHJVKWTKIiQzsakq\/w839oY5NLQsHtKpX4hQW\/\/wsieSUyQBsu2l28RS8I1cAMADAAAQAAHCABCAEBAwgDAQABygOnV9ghCwCrh3eIvDoG++8o80Fto28a\/p6JEdC+lLUNcG3Y9tAyIDCo8XUGee3bePYL4ZzXyCqJp7IksLLiu1iB6COA3ZuzD54vWOW2TJDtbTnlLS\/u7yD3YgI8LRcGSwoN2sUUDjhQxtd1fWfVIvI03XN5eQAXgcBIZZGdNKBR\/XOzYiDors4mheJ4ps\/1KYBH9kdGGiRmovRgfQ=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":37,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":757,"global_ts_usec":1495451362335777}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451362335777,"packet_id":37,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":757,"global_ts_usec":1495451362335777}
01348{"packet_event_id":1,"packet_event_name":"packet","packet_id":37,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":791,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":791,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXc0esgADMR6diEowQKzLpQ5QA1Y8kIvV9wUR6EEAABAAMABAANBnRpbWUtYgh0aW1lZnJlcQdibGRyZG9jA2dvdgAAAQABwAwAAQABAAAHCAAEhKMEZsAMAC4AAQAABwgAnwABBwQAAAcIWSrzRVkhuCFcsQdibGRyZG9jA2dvdgCz4vohuOo\/ZN1uNZLF+UDD3qHzJ2C3tMHOSiioVq033RO+ipzXapwQ4E4BS5zpIr923AlaL\/9WhCQy\/1Y1em3YZ3AdccyxO0gssoEPbElS149\/ac9HrbYG6d20TbbVB+VxK1L4MHmWOCcJMgpGO42vZ1KmHAZxDSlAli+HvMzpRsAMAC4AAQAABwgAnwABBwQAAAcIWSrzRVkhuCGY5AdibGRyZG9jA2dvdgBW5VUxo2FURuhTFYytwadnYHGDoScx7bGNWmJUvbniq24ec9+NK5A\/tqH7Lb1b3crN9Prt\/g\/MsebeMzTxodqie2+H6hdDZbplhskKnOEu5xRS1cUQfYmye\/wwniirGeCr1GVyInNfmb1RMzIVhXHumDFYR5pqMpRB66Ew29Kp48EGAAIAAQAABwgACwNnZWEEbmlzdMEOwQYAAgABAAAHCAAGA2JlYcGjwQYALgABAAAHCACfAAIHAgAABwhZKrf2WSF4GVyxB2JsZHJkb2MDZ292AIkzKBspRRKHjgld2iUJ6W8EI2\/ErlCgV4JOh1mMYrKJbPVKhaRdiPCnaxtYShzkiY056+AEL\/F04B\/Iv+WE6BOSfqWIKu831nLLehhatNc+0QoMG8piwdYZemWzDmmM\/mnqv45r3JwAgEQFHE9f4xPdbzXzBXCIN46nN8sxYcwUwdoALgABAAAHCACfAAIHAgAABwhZKrf2WSF4GZjkB2JsZHJkb2MDZ292AESJxFFnLylJJ50F\/EEyc6PhRchiACYL\/AlcnWeas5mQ0gG8Z\/ObR2D2qfguVUaT0TQMgn0akP1qC+VS8lFO0ft06e+8c5Y27dzgbK173tMxr5wtnClaCLjSQH8="}
00235{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","size":58,"expected":60,"global_ts_usec":1495451391978406}
00335{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451391978406,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","size":58,"expected":60,"global_ts_usec":1495451391978406}
00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXc76ogADkRkB1F\/HitzLpQ5QA1x5kF4D53demEAAABAAUABgABE2NlZA=="}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":24,"global_ts_usec":1495451391978406}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451391978406,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":24,"global_ts_usec":1495451391978406}
00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXc76ogADkRkB1F\/HitzLpQ5QA1x5kF4D53demEAAABAAUABgABE2NlZA=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":39,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":514,"global_ts_usec":1495451394042349}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451394042349,"packet_id":39,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":514,"global_ts_usec":1495451394042349}
01014{"packet_event_id":1,"packet_event_name":"packet","packet_id":39,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":548,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcVF0gADYRwvybxo5RzLpQ5QA1bA4Hyoducg+EEAABAAIABQARA3d3dwV1bmlvbgJpYwJhYwJ1awAAAQABwAwAAQABAAADhAAEm8YDk8AMAC4AAQAAA4QAnAABBQUAAAOEWTixhlkRIPO5jgJpYwJhYwJ1awAj5WoAxYCg\/KfcFTNasuFz9k8DHEEKP+G\/QcO+tlENP2jc3LgZ9uA3IooVGcjqo3IK1WfQBCEvktqfQAxH7Wa9Cf7eUtirbKINvr5+kMLn6FCrM9jd2dQe6Y6pYaAdpbMZ52VbSjqrMzklY\/zIDFORoxkTs1i+ORgrFMtdeV2yqMBSAAIAAQABUYAABgNuczLAUsBSAAIAAQABUYAABgNuczDAUsBSAAIAAQABUYAABgNuczHAUsBSAAIAAQABUYAAEwhhdXRoZG5zMQNjc3gDY2FtwFXAUgAuAAEAAVGAAJwAAgUDAAFRgFk3Fx9ZD4ShuY4CaWMCYWMCdWsAnce7m9M5vKhQqwhA2lgPqBNkvCE04UYgFElS0HI7a2i+uOQGzkCRUhlt88i15\/SW6pLNi7d1z4bwWT4IQO6zK9DN8onRZwE2U9p3OkmdXoT+m92MCVkssnEnbW4QP7TpPEflt6+tmQbWtQIhhbOmeIP69piuNsKdv\/4OLfIF3EjA+gABAAEAAVGAAASbxo5QwQwAAQABAAFRgAAEm8aOUcA="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":40,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":639,"global_ts_usec":1495451408058099}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451408058099,"packet_id":40,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":639,"global_ts_usec":1495451408058099}
01191{"packet_event_id":1,"packet_event_name":"packet","packet_id":40,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":673,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":673,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFYAXcBHwgADoRZJhCxpE3zLpQ5QA1pnIIR2qM4CyEEAABAAIAAwANAjcwATIBNgMyMTYHaW4tYWRkcgRhcnBhAAAMAAHADAAFAAEAAVGAAAgCNzACNjTAD8A1AAwAAQABUYAACQN1cDIDY29tAMA4AAIAAQABUYAAGgptYXR0ZXJob3JuCXRlbGVnbG9iZQNuZXQAwDgAAgABAAFRgAAJBmNhc3RvcsBpwDgAAgABAAFRgAAJBnBvbGx1eMBpwIQAAQABAAACWAAEQsaRY8CEABwAAQAAAlgAECABBaANAP\/\/AAAAAELGkWPAmQABAAEAAAJYAARCxpE3wJkAHAABAAACWAAQIAEFoA0A\/\/8AAAAAQsaRN8BeAAEAAQAAAlgABELGkQzAXgAcAAEAAAJYABAgAQWgDQD\/\/wAAAABCxpEMwIQALgABAAACWAEhAAEIAwAAAlhZKqfXWSGE3G6hCXRlbGVnbG9iZQNuZXQADWaWQ2KrMpM7yQCKVCdUF8CZsd8UuOLGe\/axb+Ay\/NWTVA3Zr0BSUADykeduIEZBBfslszxBCLtWJjw97buDzEvoJ6dPQ\/smffR9A7PBcA8vGMrx\/vYm0nKDfYKiwKXB3cayT61ofU5\/+O4eZ8mK7zyDd4NVmMUuKwz6hilRNOPFveA0ak+EzWMNuCSyDupcNYAy\/eZHdtxUD44NujGkG9U7ybrsgbYRculPaexgOKxu6wIMeuCHPGoausWOdwgGMsZ\/9a+crtZbVDgOKg2GuqdNoxaZcaB8m2G+d85wvTgybkqjMIcDjiFy8SOVvk1UORjiSqP3gTvApy\/X3t7tXsCEAC4AAQAAAlgBIQAcCAMAAAJYWSoEmVkgM1xuoQl0ZWxlZw=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":41,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":534,"global_ts_usec":1495451408074500}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451408074500,"packet_id":41,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":534,"global_ts_usec":1495451408074500}
01050{"packet_event_id":1,"packet_event_name":"packet","packet_id":41,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":568,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":568,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFCAXcCjcgADcRYglCxpFjzLpQ5QA1WQYH3k5\/2RyEEAABAAIAAwAJCm1hdHRlcmhvcm4JdGVsZWdsb2JlA25ldAAAHAABwAwAHAABAAACWAAQIAEFoA0A\/\/8AAAAAQsaRDMAMAC4AAQAAAlgBIQAcCAMAAAJYWSXcEFkcPtxuoQl0ZWxlZ2xvYmUDbmV0ACggce0e+l82m6K57G\/nkzZgF7\/\/\/F9ux6leX5Gn+5inty7\/MjZNahMqNAHQwnC8vBMYfHHAF8hSb7c8eCks0+Dh+nnbeUe4XgsM66nTr32JW46kbrQR89HZRJDZQZWC+piGiT97i3CT+WNQCbre\/CDP9NS8AgJkNfbP354St0OVmQlQhiKyrHqR2Kpg6iWBtjVOGzxTy9IEtmWsVcJvOfaeM\/T5fFq43DPnnWT055vSvfug0FyuSqsrvs\/uahkjmn0wSqWV9DY2l5rG7j2q5sqVxLwtjtu+3l3ZdAyTFxyFLOsRGViZqTvNnralxPJSMhvNxRaX7xgtnifsOR1srwrAZAACAAEAAAJYAA0DbnMyBmFzNjQ1M8BuwGQAAgABAAACWAAGA25zMcGDwGQALgABAAACWAEhAAIIAgAAAlhZKlysWSGE3G6hCXRlbGVnbG9iZQNuZXQAbS4gA1OJVXiOfiH1NhqitGHP\/bRoUOiALgkqpRDu8skb9xITGwMgLUOh4ksNJOEiOZjsYKQKyAOJP7f\/bfAaIkXhYw=="}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":42,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_usec":1495451455633405}
00310{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451455633405,"packet_id":42,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_usec":1495451455633405}
01884{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1191,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW20gADURSGuMrBHtzLpQ5QA1MvoKTXoKXkiEEAABAAIABAANCmNvLW9wcy1ub3MBbARub2FhA2dvdgAAAQABwAwAAQABAAAAHgAEjFpO18AMAC4AAQAAAB4BHgABBQQAAAAeWSvzilkiuQrWCwFsBG5vYWEDZ292AEw02D+blunLpNdEFin1+qF0AsFQBP\/P93\/ArPYSgPaECAOIBBNrIQ+EUDGS\/sThqanuNHzZj1SVWA9CAzO98GFijUnpdSifTO4x9Qo3CG05zf3N\/s5fFZr1besYCBH9wyyidJjde0HfykraB9D+hG63vApNYAPtCvzquBjiCZq6MQB9mYwB30A9ZMk5CnTRaghcrAc+u1y4AVxKQ0y7ITcqyzwRmRPaDFzxHD6jH9BaBXDnRncsq\/RCjaVuVUM5zOySd85R0L1mEfj+F454c85g1Fzcbn5qsZOXLTMLqQ3FRWJkzSALdhO0DVc9mEVu5bmPyDDblEDXH\/N5epppDPHAVQACAAEAAVGAAAgFbnMtbnfAV8BVAAIAAQABUYAABwRucy1lwFfAVQACAAEAAVGAAAgFbnMtbXfAV8BVAC4AAQABUYABHgACBQMAAVGAWSvzilkiuQrWCwFsBG5vYWEDZ292AKWxpXpNJk\/yTBJP4lU5VttQSdOCPsApD58HTwd7AUzusozvULgo9tJJihlFAQhFSC\/z2qSmGIRA+D\/AEYhYbnkCSlby\/TZn6728QBrsfm\/eTvuVlRcio8ZoKvDceEQjlZ0XdE9\/8FAzxpv4JxMfu37r6Pqo\/kHGUh0O9dYKY5KQ4vRASr9A6ColBpM0Fp6jzxLZgQIgxecmhXKunw6oYe4uAJwPmAwuOtGafuBkrw3+iyL1IFpTT+ieoMjqzlQIJ34apHrtLI7Qpy3V3rCfrvrhFsQK3Blu25MTCVuij\/hrkBYBvavbW5oV1htZ0xgzg+x\/o5Nhl8E5Ss8ok5D\/IczBgQABAAEAAVGAAASMWiHtwYEAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8GUAAEAAQABUYAABIysEe3BlAAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wW0AAQABAAFRgAAEoTcgAsFtABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBgQAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GBAC4AAQABUYAB"}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":43,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":234,"global_ts_usec":1495451467899946}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451467899946,"packet_id":43,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":234,"global_ts_usec":1495451467899946}
00638{"packet_event_id":1,"packet_event_name":"packet","packet_id":43,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":268,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcLicgAPMRVGeA54D7zLpQ5QA1cboMeow9trSEEAABAAIABgAVBmdzbGIwMgNubG0DbmloA2dvdgAAHAABwAwAHAABAAAOEAAQJgfyIAQfFAUAAAAAAAAAA8AMAC4AAQAADhAAnwAcBwQAAA4QWT\/Mx1kYPpsoHANubG0DbmloA2dvdgA8qDsghhg3NnlrIvnzqjoi2t8F9ueZTTrSfT36cTwMHvoAfuu6t8YRYeVd3+cOzU8zRktKFuhy8uB4+IQMr8Ww4Pznbu1iFnscMdfQImu1yTjxzcTFcCU7ST4qi8TAkxt4FjZaNJAfAflP93iMa9IgaD+Y6GcxRg=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":44,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":847,"global_ts_usec":1495451472365607}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451472365607,"packet_id":44,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":847,"global_ts_usec":1495451472365607}
01465{"packet_event_id":1,"packet_event_name":"packet","packet_id":44,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":881,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":881,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcaRtgAPMRqz3AUm\/FzLpQ5QA1j7gJF4rJ+8eEEAABAAEAAwATA3d3dwZ2ZXRtZWQHdWNkYXZpcwNlZHUAAAEAAcAMAAEAAQAAcIAABKntbQvAEAACAAEAAHCAAAoHZG5zLXR3b8AXwBAAAgABAABwgAAKB2Rucy1vbmXAF8AQAAIAAQAAcIAADAlkbnMtdGhyZWXAF8BaAAEAAQAAOEAABIB4\/AnAWgAcAAEAADhAABAmB\/gQA\/AAAQAAAAAAAAABwHAAAQABAAA4QAAEwFJvxcBwABwAAQAAOEAAECYH+BAD8AADAAAAAAAAAAPARAABAAEAADhAAASAePwKwEQAHAABAAA4QAAQJgf4EAPwAAIAAAAAAAAAAsBaAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5UKvAd1Y2RhdmlzA2VkdQBgF1svDW8JHo\/wOWjspf2N0RNsbS6uvhUBxwA1KawlxeLdYB8S\/ocCl3N3ydK+qLDhjdhLtD+y1QSyja9HnvA54C1qS+Lx80TVJqHkovkt5MfwSVzvMBB5t04PnvWANS1PFZYcsrJm5+kOLUE3vmD+lmjD0I6VOosJcibl9MbFksBaAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5Wtvgd1Y2RhdmlzA2VkdQCYpaPXPGLYHCsxPzngvxXQKvBhCD0A6imizrPpMhGtXepeyR9Bf1Hq+y94HWm5M11uIqfwyAqaIyqKs8Qi6HbUYBY06DPk9fSI4Jwmw8Ie7Sv5COEyuPyA0LUsNeOGgVsrsuoTICsUxBAEI0LIU+Gy7f\/+GxOZF6USDZ71RzrXhcBaAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjwKvAd1Y2RhdmlzA2VkdQCAqNZBwMbzrMNkWZgH5Y0jgozm70jz7wlfuu\/EL\/mHQiFwdlsNK2doaPPqBOsfGm9gLXtCx5VeApk7UI9i\/jxHFrXqCpXnFbTD8mocsaTvCXobB8UPlnpxRae3uC1K3rMjuf5tobIXmI1J0b0pui+eV4qbOnmtYgtJ5dMhNi7KZcBaAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjytvgd1Y2RhdmlzA2VkdQAgvphHwDdhho6Wd\/l05X2KAiP95GF5Y1\/Jt5Q="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":45,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":847,"global_ts_usec":1495451472447578}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451472447578,"packet_id":45,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":847,"global_ts_usec":1495451472447578}
01465{"packet_event_id":1,"packet_event_name":"packet","packet_id":45,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":881,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":881,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcPAtgAPURieKAePwKzLpQ5QA1NjQJFwxygzCEEAABAAEAAwATA3d3dwZ2ZXRtZWQHdWNkYXZpcwNlZHUAAAEAAcAMAAEAAQAAcIAABKntbQvAEAACAAEAAHCAAAoHZG5zLW9uZcAXwBAAAgABAABwgAAMCWRucy10aHJlZcAXwBAAAgABAABwgAAKB2Rucy10d2\/AF8BEAAEAAQAAOEAABIB4\/AnARAAcAAEAADhAABAmB\/gQA\/AAAQAAAAAAAAABwFoAAQABAAA4QAAEwFJvxcBaABwAAQAAOEAAECYH+BAD8AADAAAAAAAAAAPAcgABAAEAADhAAASAePwKwHIAHAABAAA4QAAQJgf4EAPwAAIAAAAAAAAAAsBEAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5UKvAd1Y2RhdmlzA2VkdQBgF1svDW8JHo\/wOWjspf2N0RNsbS6uvhUBxwA1KawlxeLdYB8S\/ocCl3N3ydK+qLDhjdhLtD+y1QSyja9HnvA54C1qS+Lx80TVJqHkovkt5MfwSVzvMBB5t04PnvWANS1PFZYcsrJm5+kOLUE3vmD+lmjD0I6VOosJcibl9MbFksBEAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5Wtvgd1Y2RhdmlzA2VkdQCYpaPXPGLYHCsxPzngvxXQKvBhCD0A6imizrPpMhGtXepeyR9Bf1Hq+y94HWm5M11uIqfwyAqaIyqKs8Qi6HbUYBY06DPk9fSI4Jwmw8Ie7Sv5COEyuPyA0LUsNeOGgVsrsuoTICsUxBAEI0LIU+Gy7f\/+GxOZF6USDZ71RzrXhcBEAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjwKvAd1Y2RhdmlzA2VkdQCAqNZBwMbzrMNkWZgH5Y0jgozm70jz7wlfuu\/EL\/mHQiFwdlsNK2doaPPqBOsfGm9gLXtCx5VeApk7UI9i\/jxHFrXqCpXnFbTD8mocsaTvCXobB8UPlnpxRae3uC1K3rMjuf5tobIXmI1J0b0pui+eV4qbOnmtYgtJ5dMhNi7KZcBEAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjytvgd1Y2RhdmlzA2VkdQAgvphHwDdhho6Wd\/l05X2KAiP95GF5Y1\/Jt5Q="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":46,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":264,"global_ts_usec":1495451502567716}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451502567716,"packet_id":46,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":264,"global_ts_usec":1495451502567716}
00684{"packet_event_id":1,"packet_event_name":"packet","packet_id":46,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":298,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcNasgADkRNoKili+uzLpQ5QA13pAG0FwHT9+EAAABAAYABgABCm15cmlhZC14Y3IDeGNyB2NvbWNhc3QDbmV0AAAwAAHADAAwAAEAAAA8AIgBAAMFAwEAAbCEE7E\/tK2nbtUQfpCepzR9frAaFkveZPoT70D7sMwOQ\/+xk54PDTVfx31QpdhWXZxF\/qABasrJ\/6LYfaZOmcQd4SE2DinBGMT4mCTb3tu0MWKWTlWYTQ08jmf+Gj4hy3cOj1CHK0wnSFV850\/91\/y71SWIEMLStLnWPdodVRCzwAwAMAABAAAAPAEIAQEDBQMBAAHEJufWP+5+U3MEy5wDHiagptJ60KZhTslmbiAZzWh\/R9+Ert+MpcHrkSaQsQ=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":47,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":824,"global_ts_usec":1495451558382420}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451558382420,"packet_id":47,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":824,"global_ts_usec":1495451558382420}
01432{"packet_event_id":1,"packet_event_name":"packet","packet_id":47,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":858,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcgwIgAO4RHAeGQ2QkzLpQ5QA1kV0JAMGOMPmEIAABAAgAAAABA2xiZANlcGEDZ292AAAwAAHADAAwAAEAAVGAAQgBAAMKAwEAAeFeeMF81JKKXyZ7m1fNWItdfwnHSJNneiWKkU4z2Dds6bAcMAU825F5fa9NfMMZJ1ofvKubnNMwvEGV7LA8h9brhYvQ10pMxj96kJZe+D2O7Ie\/U1L+VkQZ1frUDUuaBBXlpisapE85PJvpkCTjRzTK5qfC1E6SFDqWtZU3beWTOHPdeWuk+L65g0ywzAgTHi3bTkvxCU0YMUSrmM\/ucRJhZSp2Bnnu9e5m0wWVcQN8RCwwKM4581XZ86AZEsMcNMn4lgfGbO+ePZEUKN4jO3xsvTDL8VCk4S6VztoVAr8CEESKK9QNE1uUtDhbA9peZVictCS6cvQdOaTSDVAe2XvADAAwAAEAAVGAAQgBAAMKAwEAAd4Ik\/y5u\/4IGOhG4VVn7buHGb4ZWWngeCtt0OswAlaKe7FLhQgiGIJppBUZzlluNA5O2z8uFn\/6vWcjc1APkIM8gTsexgXG323L+zrIDzJcesj+XxBGl3maMZApgnsAZwFPAXNwNwEd01ugaQCevUjlvvpmQcMCgMv\/o5tuAiZQn6osfIl+95UJAH0ZoIKJkmeWYoGfMFLJeDZVa92beqMioYSqa5qhiSFtNLMmVkEyO4srbnaIMRv2nTboTEx5uIQZAKEhoQiXCLMvnBvEdR4Bmlz2s25A5KJRfNyhRIPY5lTpaPW6s2MAdi6wQOi\/tq2vQucnMXojmyYDizNjnxHADAAwAAEAAVGAAQgBAQMKAwEAAcIMnmfbk6YNzYUpG7ynL2OsKhTqhlCotZUrmruLmEWBoYibBwJ4CPXSrMDYIOj2\/UHdAWHfr3HEPagX8To21t8Hq8NRY8e+GloeYTuhJFOva2ivoXj\/E4V0VfeJJVuHTY0LKwyYoTcgGJU9hLfK7JOaOq3a80oNHJ9v5iaJ8Vvi5adW1QquXLQWZtNjVOho8xmeZ\/bqiUmkgaDPOoSlyAdf9GkOJkfVzTpRgahyLRTLJYP1dcShPIBW\/gBn0naElasEgYAZ62erTyMj+Dj+McLObt+enoOo"}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":48,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":248,"global_ts_usec":1495451574398672}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451574398672,"packet_id":48,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":248,"global_ts_usec":1495451574398672}
00657{"packet_event_id":1,"packet_event_name":"packet","packet_id":48,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":282,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcvxEgADcRsUa4rRdszLpQ5QA1oygGwFz7eMKEEAABAAQAAAABDWp1ZGljaWFsd2F0Y2gDb3JnAAAwAAHADAAwAAEAAA4QAQgBAAMHAwEAAdl6vxiL++F\/pjIKqj9e7RaBV5rwA3o9DNcv0h4HQ93WZJ+2YrrhIVTBghHPFs+8FEN7Xdx2djyC1pjSprgXQ2HeWbJZy1rO2CCoH12hxAbUEQnPy1BYYsMpATL7FFzDIup6CYAV7Is7xTwPl\/Wm5B0cxltQlAHAlLMQiylRrZup5SRgZQGoi1q7dsIP6kgvfOSmZGIwr5OxtBC\/RzC+7OcNnmbexBAx\/ujQjwn1ITH0JeAIU+9jiKC+"}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":49,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":112,"global_ts_usec":1495451582606401}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451582606401,"packet_id":49,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":112,"global_ts_usec":1495451582606401}
00474{"packet_event_id":1,"packet_event_name":"packet","packet_id":49,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":146,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXceY4gADMRzHRRW60TzLpQ5QA1plQGOJZ\/AaiEEAABAAIABAAJCGdyZG5zLWRlBWRlbmljAmRlAAABAAHADAABAAEAAA4QAARRW6FQwAwALgABAAAOEADcAAEIAwAADhBZNR2QWSKokGYrBWRlbmljAmRlAJfVO1vdsL8bdrClwW8="}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":50,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":97,"global_ts_usec":1495451603049667}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451603049667,"packet_id":50,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":97,"global_ts_usec":1495451603049667}
00454{"packet_event_id":1,"packet_event_name":"packet","packet_id":50,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":131,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXc\/D8gADMRuiiBBg0DzLpQ5QA1arUGKRUJU+aEEAABAAEAAgANAzEwMgE0AzE2MwMxMzIHSU4tQUREUgRBUlBBAAAMAAHADAAMAAEAAAcIAB0GdGltZS1iCHRpbWVmcmVxB2JsZHJkb2MDZ292AMASAAI="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":51,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":280,"global_ts_usec":1495451611805112}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451611805112,"packet_id":51,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":280,"global_ts_usec":1495451611805112}
00699{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":314,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcDxkgADkRXROili+vzLpQ5QA1TDYG4IL0xMOEAAABAAYABgABDmxpbmVhci10dmUtcGlsA3RvcAdjb21jYXN0A25ldAAAMAABwAwAMAABAAAAPACIAQADBQMBAAG7xRiYkSu1FrneRCH6ntrsauJWLw6fk1RtMzYYwMb16Knn1SeDLbMj6jRuPHc\/N9CDpNHKBwY7D8GGYJHtQOlY1BRgtvcl2XG\/z4KT5bOP8sBaXSr1Q60QyLTjEldwC8Hcrwfq0nlgSqdeedPWUZEiInPjf0m6Q0yG3lTY3p3jMcAMADAAAQAAADwBCAEBAwUDAQABl4a8UCzCZt5CAPJ1+RL9MCCZmtygIfM+1EkpxZWzKFW6hTlX1fvx29DxB35W993mMAjv0961og8="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":52,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_usec":1495451613183104}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451613183104,"packet_id":52,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_usec":1495451613183104}
01303{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":762,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"eLr5aHlnxDRrta3ICABFAAXccLkgAEAR7frMulDlQpiWJQA17AcIoOzEWyCBoAABAAMABAANBnRpbWUtYQRuaXN0A2dvdgAAAQABwAwAAQABAAALHAAEgQYPHMAMAC4AAQAACxwAnAABBwMAAAcIWSp7HVkhN25NKgRuaXN0A2dvdgCGDxP8mtTYURB\/z7B7zxG9M2cDPFjwCkCpyC8hiadTCV1wXBnQsMkH14gORQid9hZZkwqvAJKxlHHGFpFXs3GK70k31UcnglQglR+Jb8PvkvYMpqGZLiMdOZ+8aMQzLgN424FbMJ7np\/GSsY0NKbDsZWUKs5FEyvfl5LyBAXKP1cAMAC4AAQAACxwAnAABBwMAAAcIWSp7HVkhN25p9QRuaXN0A2dvdgCYOPJp1LyXHjTZERVC1mhE\/fFAgBPnHg5CzHCfHFW\/kHrSlPUKJrKTtWO2J6nhnsslWGL7StwY\/Ds0w3d1K1BK2EXHmf7JoxCpUcbjrJzE2AWNOuFyYMsitmrbg7hKpTz5YORW9N+9SgnPiRBdVePJPZ0ZX+5rKPwGXiVkzOvJt8ATAAIAAQAAAIYABgNnZWHAE8ATAAIAAQAAAIYABgNiZWHAE8ATAC4AAQAAAIYAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMATAC4AAQAAAIYAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":53,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":474,"global_ts_usec":1495451617290525}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451617290525,"packet_id":53,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":474,"global_ts_usec":1495451617290525}
00960{"packet_event_id":1,"packet_event_name":"packet","packet_id":53,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":508,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcdRkgAPQRTW+A50ABzLpQ5QA17tYHop3j4riEEAABAAIABQANBnN0YXRpYwZwdWJtZWQDZ292AAABAAHADAAFAAEAAVGAAB0JcHVibWVkZ292A3dpcARuY2JpA25sbQNuaWjAGsAMAC4AAQABUYABHgAFBwMAAVGAWr+PY1jk82PoEAZwdWJtZWQDZ292AJu6kQSEhR8egq7iff9kNvnUi3EB8Cqxahn7\/xnKCblnIeeP205Pcfvq58wdpFd4t2tLrbNoUdrfjjrIvtJTNm8AczdH8VxTTwKlZ544pPbKqSowUHJH8kt1BYbS08C6W\/koWBsjtLuk2wwJn3Xv1EHHGFTmeMXVa9Ykgp+szm4UYdPEnokSrW0ySALEqeqR1T8NYKCXtsBVthVcDs6IE2iJWsUHfJN\/ND5yD6NryHs5EYO0a5uiDSFdbl2a1e3U2IiqRcHf12Yi7nNig+en76ODdO7CGdj4XsXz8AYWndn30mHl316TfYk9Tr8TfkagYqHqYLV3kzp8Pim2wy5nSI7AOQACAAEAABwgAAkGZ3NsYjAxwELAOQACAAEAABwgAAkGZ3NsYjAywELAOQACAAEAABwgAAkGZ3NsYjAzwELAOQArAAEAAVGAABiP2QcBjJqKhZbbxHR4uEOouQ=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":54,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":704,"global_ts_usec":1495451617292283}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451617292283,"packet_id":54,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":704,"global_ts_usec":1495451617292283}
01277{"packet_event_id":1,"packet_event_name":"packet","packet_id":54,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":738,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":738,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXccB0gAPMREnGA54D7zLpQ5QA1qyQOUPvPZ1uEEAABAAIABgATCWRuczEtbmNiaQRuY2JpA25sbQNuaWgDZ292AAABAAHADAABAAEAAVGAAASCDh0fwAwALgABAAFRgAEkAAEHBQABUYBaAL7qWRNw6s2+BG5jYmkDbmxtA25paANnb3YAqynlZlaIB4Smw1gmrgrhShXsg+fKpc9IVq+H0d8Wqe8ehWyuxMN5VtfcEaLC+EeL8bzU4KuotzpGoDCkxCZdXFHPVKuaX1nzyQKnX1ljBf8NzdObkudu7m5LKsZKBwHSNYuTy0jN791rNwOkeHjeiejuoDZvEfDwRbyO1nFBJ6h8isnkI\/0kQNd0201HZH6RGOQ2KqsqoOWUQCZawvaoql571eZD0z3ieQ\/7FwpiQ9vz\/VUXzC+SYsOOT1yPoZ8c6dYCXQY8gwTNOCDqJaGJMkzo17QL1DHP4vbFEiU+nL7o8yPZTSu\/e0+\/Z3T7PU000lQYL9r0d4LlePbetu84y8BaAAIAAQAADhAAAsAMwFoAAgABAAAOEAAGA25zM8BjwFoAAgABAAAOEAAGA25zMsBjwFoAAgABAAAOEAAFAm5zwGPAWgACAAEAAA4QAAwJZG5zMi1uY2JpwFrAWgAuAAEAAA4QASQAAgcEAAAOEFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgA+EebMkCne2CNH9\/msBB1ttxS45FhdXCD5iR18dVqPuT200zDdV4BFS01NU4MYeoc3XDyOxIWfU7WKy5Zs94YsWp3mz1cDLKuZG3MK\/hBxOol\/fcuIoTQU9\/sEzYKep6XHZu6d5e\/CGkcUh2Vks9\/pyJ\/t2s2KBguZm2e\/qZ1Ezxt4cEtu9kc0sswh6yWPsWme\/zxCgcrwhF4ZRmacvc+rMVf\/a\/AghKUmUTfCHDsCeW2IcVFuIY0PYQvO0ixv6F67"}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":55,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":319,"global_ts_usec":1495451618089828}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451618089828,"packet_id":55,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":319,"global_ts_usec":1495451618089828}
00753{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":353,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcvUsgADcR9T6JyAQfzLpQ5QA1fIMHB7MjfFCEEAABAAIABQAPBGRuczEDc3NhA2dvdgAAAQABwAwAAQABAAAAPAAEicgrCMAMAC4AAQAAADwAmwABBwMAAAA8WUE2n1kZn1cHPQNzc2EDZ292AC5156k1jArAQVGBahVpB6i1h\/fLJ3i\/HJY8GxrDrwsXIly+1WH6d7kRKc6lk\/uZf0+AmaTOUahspZVRqb7TH6GrbnsyXZmTfc3Kzu2iCB1GZM+ThGuuBfTJP\/RUgJK9tEeQ4pfMuSB5LQOaizURDpM8RAEaHBNs8UiaB2wYxjm8wEwAAgABAACMoAAHBGRuczbATMBMAAIAAQAAjKAAAsAMwEwAAgABAACMoAAHBGRuczLATMBMAAIAAQAAjKAABwRkbnM1wEzATAAuAAEAAIygAJsAAgcCAACMoFlBLTxZGZ8="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":56,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":327,"global_ts_usec":1495451619519744}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451619519744,"packet_id":56,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":327,"global_ts_usec":1495451619519744}
00765{"packet_event_id":1,"packet_event_name":"packet","packet_id":56,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":361,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsBcgADIR1CChNyACzLpQ5QA1FUYM12ePIm2EEAABAAYABAANA21hZwRuY2VwBG5vYWEDZ292AAABAAHADAAFAAEAAAEsAAsDbWFnBGNwcmvAEMAMAC4AAQAAASwBIQAFBQQAAAEsWSuLaVkiUOlQZARuY2VwBG5vYWEDZ292ADcGQyBFP4D+oljdb2+uDa9\/19GSwvR6WriPq+5z0bu\/0ZaU\/D8IQsmXY34oOVHWkzG6MucH8ZmcfTOJDErUlSNSiRzFT51PBmw6nGKnxTSwXkETkX04Oo9QP2yzVDt5BovyB6C9tXHehSkdYBFKv3dkwzGxANJxhe+yFBxgwF9UCs8+cZEJOlz8tn056cIu0n8cLm0Luw3FG\/hQGfvItzUlOxBl1A60sdiGmy6QUdNCXAcNU0yZ9pOPKxcCxUBH4IhMSpEnUlvPR6QJH5nmfUQe2XEJKZYxCw=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":57,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":467,"global_ts_usec":1495451619545973}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451619545973,"packet_id":57,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":467,"global_ts_usec":1495451619545973}
00953{"packet_event_id":1,"packet_event_name":"packet","packet_id":57,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":501,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+sgADgR3T6MWiHtzLpQ5QA1+sANYy2s8YiEEAABAA8ABAANA3d3dwNuaGMEbm9hYQNnb3YAAAEAAcAMAAUAAQAAASwADwhlZGdlLW53cwN3b2PAFMAMAC4AAQAAASwBIAAFBQQAAAEsWSuLeVkiUPkyEANuaGMEbm9hYQNnb3YAmdicnE8euFUxTHUXfeUJmy6UvdRd01G3Waurvp4SxZ2PJZgNPzjjITBMLV6ecU4\/JueThrSlKZCbDqf7PO1nwK30oVaMXimjEp\/WM+cq2lYinJ+rRAUpOFrU1\/PMoKmi\/NA9YhzR1i84ntUn6pU7gPRsC1l0stlJvmpn5vPK2SEpb2eW0Gowmg8iUnJq32XYuUvIED4TSMnVkgyeOVQyRuntLmYEqOLIN1Y4bfKDTdnt4ooZOC4nZltsnzRyIjkMnu6GUtEuSBRaXw7\/LMILqzp94rUYZ+A0FpoK\/AokSahDQC+1b+t0iMHL6XYsjM4sNHxXO6pg\/DJfgn7ZWUE0hMAuAAUAAQAAASwADAdlZGdlLXAxAWzAX8AuAC4AAQAAASwBIAAFBQQAAAEsWSuLyFkiUUi\/jgN3b2MEbm9hYQNnb3YAkE66gKhT1JcM2kgWKvIXOPPjjmHF901em1sV2mJv"}
00235{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","size":44,"expected":60,"global_ts_usec":1495451620149557}
00335{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451620149557,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","size":44,"expected":60,"global_ts_usec":1495451620149557}
00335{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+4gADgR3TuMWiHtzLpQ5QA16sALmpGgy8o="}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":10,"global_ts_usec":1495451620149557}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451620149557,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":10,"global_ts_usec":1495451620149557}
00335{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+4gADgR3TuMWiHtzLpQ5QA16sALmpGgy8o="}
00235{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","size":43,"expected":60,"global_ts_usec":1495451620868987}
00336{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451620868987,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","size":43,"expected":60,"global_ts_usec":1495451620868987}
00336{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":43,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":9,"global_ts_usec":1495451620868987}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451620868987,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":9,"global_ts_usec":1495451620868987}
00336{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":43,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="}
00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":135,"global_ts_usec":1495451632004127}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":602,"global_ts_usec":1495451632004127}
00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":1495451632004127}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451632004127,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":602,"global_ts_usec":1495451632004127}
01134{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":636,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":636,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsh4gADYR8CWCDh0fzLpQ5QA1H4MIImMAvk+EEAABAAIABgAJBG5jYmkDbmxtA25paANnb3YAAAEAAcAMAAEAAQABUYAABIIOHW7ADAAuAAEAAVGAASQAAQcEAAFRgFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgAkf1HSoxN8AcwUdKY7WYciGx3geHak0EvSutU7odDo4dq+NlD8O\/xERFOOtnm1OnbmotJrAyzkKRKq2LhHEAKnpnQ\/7o4BV5VPHkuyi+TApDKVmXneUpTyPtHjKhT2CXt\/fyExp+B7ruJjC+Pcr5ZslqwQv1r1rPCkU5Mhz4yMR3BggA0Hh5V6YsPB3ZKTiKS\/eiA5iAmjeNxUPq28qT0hVjLTG5jO15eNmG2vPLSE3IUKr1s52HiMixNOjA9zTiA\/KJ+hR8CkVUQekEXmvwf9VBsUpBGDeS2mGNHxD+rzAlEWmLXNCGAh5Oui3uYYiuNNDR79YStEu6BCY8ZmkvsqwFAAAgABAAAOEAAMCWRuczEtbmNiacBQwFAAAgABAAAOEAAGA25zM8BZwFAAAgABAAAOEAAMCWRuczItbmNiacBQwFAAAgABAAAOEAAFAm5zwFnAUAACAAEAAA4QAAYDbnMywFnAUAAuAAEAAA4QASQAAgcEAAAOEFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgA+EebMkCne2CNH9\/msBB1ttxS45FhdXCD5iR18dVqPuT200zDdV4BFS01NU4MYeoc3XDyOxIWfU7WKy5Zs94YsWp3mz1cDLKuZG3MK\/hBxOol\/fcuIoTQU9\/sE"}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":61,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":231,"global_ts_usec":1495451636457182}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451636457182,"packet_id":61,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":231,"global_ts_usec":1495451636457182}
00636{"packet_event_id":1,"packet_event_name":"packet","packet_id":61,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":265,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcg4sgAOcRN5mDTlH+zLpQ5QA179EGr6+UudOFkwABAAAADAABCk5PU1MyUFJPNTICYWQDZGxhA21pbAAAAQABwBoABgABAAACJAAtCGVhZ2xlaWIxwBcLcmFuZHkuc21pdGjAGneyKSsAACowAAAEOAAJOoAAAAOEwBoALgABAAACJACbAAYIAgAAA4RZL+jmWSKr1jYkA2RsYQNtaWwAQ+NjrNptV+b2\/CTqZKH2biSP27tkOWTGq2KCUhlOH9E41MLSOk2lCYL6smDX5fmm1zJuobp2dyrUo+9Imrd8bXDxUMgbvMl\/t\/ob2CKRj1UwIaYHEuWwqw=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":62,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":241,"global_ts_usec":1495451636679021}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451636679021,"packet_id":62,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":241,"global_ts_usec":1495451636679021}
00647{"packet_event_id":1,"packet_event_name":"packet","packet_id":62,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":275,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcRyUgAOcRc\/+DTlH+zLpQ5QA1lCQGuTGo9n2FkwABAAAADAABCk5PU1MyUFJPNTIEdXNlNgJhZANkbGEDbWlsAAABAAHAHwAGAAEAAAGdAC0IZWFnbGVpYjHAHAtyYW5keS5zbWl0aMAfd7IpKwAAKjAAAAQ4AAk6gAAAA4TAHwAuAAEAAAGdAJsABggCAAADhFkv6OZZIqvWNiQDZGxhA21pbABD42Os2m1X5vb8JOpkofZuJI\/bu2Q5ZMarYoJSGU4f0TjUwtI6TaUJgvqyYNfl+abXMm6hunZ3KtSj70iat3xtcPFQyBu8yX+3+hvYIpGPVTAhpgcS5bCrcsRzkWs="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":63,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_usec":1495451636862163}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451636862163,"packet_id":63,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_usec":1495451636862163}
00647{"packet_event_id":1,"packet_event_name":"packet","packet_id":63,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXc1mwgAOcR5LeDTlH+zLpQ5QA1mK0GuOHsaJmFkwABAAAADAABCk5PU1MyUFJPNTIDZXRuA2RsYQNtaWwAAAEAAcAbAAYAAQAAAo4AMAhlYWdsZWliMQJhZMAbC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAo4AmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":64,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":486,"global_ts_usec":1495451661043614}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451661043614,"packet_id":64,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":486,"global_ts_usec":1495451661043614}
00976{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":520,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAV8MiEgADMR67bAa2aOzLpQ5QA1kJIHTuawQK+EEAABAAIABQAPBXByZXNzBmJhbXBmYQhiZXJrZWxleQNlZHUAAAEAAcAMAAEAAQAAKjAABEWjkf3ADAAuAAEAACowAKcAAQoEAAAqMFkmu3pZIXKW\/GIGYmFtcGZhCGJlcmtlbGV5A2VkdQDYr4iiKwGHUj8t5HsllLRdCw51+RuHgmXTVi3BKZp2SlHKwPPE5NDgykdlf2nh09MKoRsS4ZQ6K+HtO0Fgl3XDsVj0e38hlFZSyxT3UsVtxM+no9NBzelbSMqdsdKPMBXZBU6WN68SPUB0Mpo5EB0ERXosqZrbp40B7OEuBwhJTsBZAAIAAQAAKjAACQZhb2RuczLAYMBZAAIAAQAAKjAACAVhZG5zMsBgwFkAAgABAAAqMAAJBmFvZG5zMcBgwFkAAgABAAAqMAAIBWFkbnMxwGDAWQAuAAEAACowAKcAAgoDAAAqMFkn98ZZIq5X\/GIGYmFtcGZhCGJlcmtlbGV5A2VkdQAn0OdhYPVBP+po1b2zTtthnlvR+AwkjgERoFRV1d81BBycm1q7rnJTejDubWCC+fexo8tBaiAWuF7QlClYFOJSAmzwtfgGPOICDtid\/wne+kDmwXvgLbwXYX5lBPAt0LIXRb3dGGBe+RGHeQ=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":65,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":238,"global_ts_usec":1495451685924265}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451685924265,"packet_id":65,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":238,"global_ts_usec":1495451685924265}
00642{"packet_event_id":1,"packet_event_name":"packet","packet_id":65,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":272,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcdQIgAOcRRiKDTlH+zLpQ5QA12ScGtpz7Az2FkwABAAAADAABDG5jYjFzZHYwMDkwMQJhZANkbGEDbWlsAAABAAHAHAAGAAEAAAHJAC0IZWFnbGVpYjHAGQtyYW5keS5zbWl0aMAcd7IpKwAAKjAAAAQ4AAk6gAAAA4TAHAAuAAEAAAHJAJsABggCAAADhFkv6OZZIqvWNiQDZGxhA21pbABD42Os2m1X5vb8JOpkofZuJI\/bu2Q5ZMarYoJSGU4f0TjUwtI6TaUJgvqyYNfl+abXMm6hunZ3KtSj70iat3xtcPFQyBu8yX+3+hvYIpGPVTAhpgcS5bCrcsRzkWs="}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":66,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":95,"global_ts_usec":1495451704377782}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451704377782,"packet_id":66,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":95,"global_ts_usec":1495451704377782}
00451{"packet_event_id":1,"packet_event_name":"packet","packet_id":66,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":129,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcLFogADcR72\/BRGNjzLpQ5QA16EkGJwo+kYmEEAABAAUAAAABAmJnAAAwAAHADAAwAAEAAA4QAIgBAAMFAwEAAatvnBmra+7zeBm9l13suknlkqymM+dxrFdopER\/atXEXpeKon1lB9rWXtPTizfX"}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":67,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":261,"global_ts_usec":1495451720070227}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451720070227,"packet_id":67,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":261,"global_ts_usec":1495451720070227}
00674{"packet_event_id":1,"packet_event_name":"packet","packet_id":67,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":295,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcf7QgAOQRIpPOJiMDzLpQ5QA1bBYGzcCiF4OFkwABAAAADAABBmlzYXRhcARkYWFzA2RsYQNtaWwAAAEAAcATAAYAAQAAADAAMAhlYWdsZWliMQJhZMAYC3JhbmR5LnNtaXRowBgBMZuVAAAAtAAAABIACTqAAAADhMATAC4AAQAAADAAoAAGCAMAAAC0WS8rbVkh7l0xhgRkYWFzA2RsYQNtaWwAX2YDHFGs++P6KY5jyOnyDe0uBmvRjeLNiVar29Ll1723S4vXnuSWhUWFZRQdEVXqxkbd6V+XrLkpWPckh1R4zgV9PWSNZ8HZUjMZhQWPWXpppn2CEeN7b88KhZ27nzVXi+\/73NKvN1wXzYqVmw0ROQ=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":68,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":855,"global_ts_usec":1495451745785541}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451745785541,"packet_id":68,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":855,"global_ts_usec":1495451745785541}
01476{"packet_event_id":1,"packet_event_name":"packet","packet_id":68,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":889,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":889,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcuAIgADYRFDWAx\/RyzLpQ5QA1xd4JH1hTgneEEAABAAIABgALCGNvbnRlbnQ0CG5vdm9wb3JuA2NvbQAAAQABwAwAAQABAAAOEAAExgc9H8AMAC4AAQAADhABIAABBwMAAA4QcNvYgFkGc0W0+Ahub3ZvcG9ybgNjb20AlewZozFU2n96aVRqxQUtXjawCyGgM6B0TzRF56i4jQojMtEEU5RHV2P7Vi\/giydID14A4YyUQ85+uCYlFI0DOCtWk0z5XmpprtC9X+\/T1\/r4JD0uPBpyimV4NZ7fwQxxt5\/3s2rlf4r73xWZZ+3IUuJ2vwbncpUyzu1TuFq+36Vdmu0LH4Wzte\/E0y2pkf37K2RBRQ7Nn\/d+Xj6t5ggL4KWxhT3Q0vSCylzZfyLrz2NK8Qb9WKZPaGXKWrHYVjLVERNJemNdvrQWUyPUJZC8YuSGBgJRiBu7nGJd9NUwi+LJQ8nOWu\/g3XZWYEgJTSqnXRaYhwfpdJtUS4EbhA6YOcBVAAIAAQAADhAADANuczMFZnd3Z2\/AXsBVAAIAAQAADhAABgNuczLBc8BVAAIAAQAADhAABgNuczXBc8BVAAIAAQAADhAABgNuczHBc8BVAAIAAQAADhAABgNuczTBc8BVAC4AAQAADhABIAACBwIAAA4QcNvYgFkGc0W0+Ahub3ZvcG9ybgNjb20AcFsxOk+TskskfmYioP9UewSZSL9WmuTUot1PfZFKaiFZLalRXKlbejn1Bpls9bVGMNJ8VYVUfoGcuesziAD8mlHukbkBjCvqsQLQJlUn18HhsM8Un6BUiQsAyEQsQp5HXtsXSzUuW2h7pa5HvFt51KDRqdLdfTwvCR7QFOYApeIeE7jGd14b6fcFUUntTWakr8Diay1Cx6MEqchNtPP8y5WWowh4rqtf9abZ6MihUGhOYq4GAOz7667QkstI2cH0PhPu2Q\/5ONAvjTiLfKSfgeeGC8VSswFyq2aFb6HIlVmYOK1XmDe3BmP7FLuXhq9PlJ6aBBY41kBThidqiIzU58GrAAEAAQAADhAABGjskh7BhwABAAEAAA4QAATAYM65wW8AAQABAAAOEAAEJTBzbsG9AAEAAQAADhAABC6l7FHBmQABAAEAAA4QAASAx\/RywasALgABAAAOEAEdAAEHAw=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":69,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_usec":1495451748818219}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451748818219,"packet_id":69,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_usec":1495451748818219}
01303{"packet_event_id":1,"packet_event_name":"packet","packet_id":69,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":762,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcFmEgADMRoAeBBg0DzLpQ5QA14pUIoA41h4GEEAABAAMABAANBnRpbWUtYQRuaXN0A2dvdgAAAQABwAwAAQABAAAHCAAEgQYPHMAMAC4AAQAABwgAnAABBwMAAAcIWSp7HVkhN25NKgRuaXN0A2dvdgCGDxP8mtTYURB\/z7B7zxG9M2cDPFjwCkCpyC8hiadTCV1wXBnQsMkH14gORQid9hZZkwqvAJKxlHHGFpFXs3GK70k31UcnglQglR+Jb8PvkvYMpqGZLiMdOZ+8aMQzLgN424FbMJ7np\/GSsY0NKbDsZWUKs5FEyvfl5LyBAXKP1cAMAC4AAQAABwgAnAABBwMAAAcIWSp7HVkhN25p9QRuaXN0A2dvdgCYOPJp1LyXHjTZERVC1mhE\/fFAgBPnHg5CzHCfHFW\/kHrSlPUKJrKTtWO2J6nhnsslWGL7StwY\/Ds0w3d1K1BK2EXHmf7JoxCpUcbjrJzE2AWNOuFyYMsitmrbg7hKpTz5YORW9N+9SgnPiRBdVePJPZ0ZX+5rKPwGXiVkzOvJt8D3AAIAAQAABwgABgNnZWHA98D3AAIAAQAABwgABgNiZWHA98D3AC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMHDAC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":70,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_usec":1495451756278524}
00310{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451756278524,"packet_id":70,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_usec":1495451756278524}
02310{"packet_event_id":1,"packet_event_name":"packet","packet_id":70,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1501,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGOsgADcRhwqY2AekzLpQ5QA1zeYLg6WA7YmEAAABAAIABQAPA25zMwNpcnMDZ292AAABAAHADAABAAEAABwgAASY2AuEwAwALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAUaOVDQJwftL9gtrUM8RfLB6qSOBXZLTc9Hok\/6MIUcY0p+ZXalWKsGuV0qSYiHp0ZrSW1UB4GFMJyv7xm1d\/Po\/u1S5R08MeFVA+R2ZtvHBErM7kw\/4vE2A51h\/i02hoLPEPwvEXL7BXREwrjYl2TQspuWnPYjiGXk63g8xr6TFgux7jb2BRXQ4LBHynjXnnvpt3XYYGbcmWAyGPAsOf9hQuEFUTW8B15ZH+YidKzPQ1rU9pRShm7Pd3FpYAiKLk4i351zYZI20c8JNuwICCSg9UMWYXsfMXQ+CnSvsgbvApAMm6rh0DMcwkAJPfalPrGBEcb5Z1jx4wdGgAiCBer8AQAAIAAQAAHCAABgNuczHAEMAQAAIAAQAAHCAABgNuczLAEMAQAAIAAQAAHCAAAsAMwBAAAgABAAAcIAAGA25zNMAQwBAALgABAAAcIAEbAAIIAgAAHCBZK47XWSJGR6xiA2lycwNnb3YAe+rn2tmycvJNbOGLWjldMLdA22UT7xzZh6HJYvuJrE5+qGxJ\/K9yON+rGW5STnO8kj2d7HsVVtkx7ts0\/\/XDYlHvMvWnWK\/Dq3C0qhX4Y4OXOL2k9lkOXDls5DytCZ+qVKg+alb58DzoDOU5yVHtP9rMKfk9VxtfA9LIEQBilUu0fUAjg6x8b2zwKV\/jt6dY6YdR2oAGxQWcfwUhdEB3XcH5NlvhjHUGSlAUPWnm6zjJAgd2MgFTKihm5f+gD+mtCN9sSjuoCyjb\/J+INEr+l8If9XkT6uujAFdNt62xgrprlhR\/4ZT3wgiZkdJcmZ4Hrkq2N2BnT7dMThz1hN6ZBcFgAAEAAQAAHCAABJjYB6TBYAAuAAEAABwgARsAAQgDAAAcIFkrjtdZIkZHrGIDaXJzA2dvdgCNfUC+vOaSAIQikt\/wOmN6FcRNH787rVK7vx8EOTihWPPbRHscOApvDuppsQAybpUJQDSnhmKXzmW0RGA6n2G0ciYqXXOsL0P3\/\/ygg+7XWZuYzKb304Zfx6QfhPLSsEP8shH+rTSNdno\/S62Ol7IpIPQ0RCioobQ2UR\/UDEXTGGbKuR4mDZJLFYeh5tIFpoqvTkHShLjF6v2OlcN8aKTXl7dgMdindVnqMLXbceQ\/g0+K8BgVnEE\/6MZYL80Ns\/V8grnGdCpO48BX8ffkLGatTdnf+50+sN\/QX2lbVRYMuygjrQrIMeAro+VDEin8TTXEdrj+U639Pp8xolDwNQMSwXIAAQABAAAcIAAEmNgHpcFyAC4AAQAAHCABGwABCAMAABwgWSuO11kiRkesYgNpcnMDZ292AAiDKcsFAKyZAPT6\/BqMm4YGNjnILP\/RiBRbrxE19HyRiZVJxwCUqilv0dC8z9SJfb+rPNQabkmaQAfOPcKhH1sxV5brmQeQEeenqlUiW5YLjefk+NMQgd+NRuOdvGYchkWl5fnmMau\/HlA+HBNsAZN1e+HH49Qw2zLGAFvFYJOqPF\/HCttPr0DY7fU3q\/deTFsRESwvpQebvinvb3rUK
nldKnGamoYPobR4sa3Hc7XJ1UAcE0x56k\/d9TLBNjQCHoPmejklH71ALytcz1kqNyblcIX4lJZisb91+kN14GrJEgCW46spplu2sT6hC4lmdNpv9JaIXIh6VBVmBv4anY3BkgABAAEAABwgAASY2AuFwZIALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAJ3yCZvDhJMpICeF2AdNj6dX83t1aIlZReudVBhsa5qliqrUuu1fMBb1RYQ38UscZhlrQBQAAAAAAAGEBAAAAAAAAQwAAAAAAAADE0AAAxA=="}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":71,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_usec":1495451756278901}
00310{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451756278901,"packet_id":71,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_usec":1495451756278901}
02307{"packet_event_id":1,"packet_event_name":"packet","packet_id":71,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1501,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGO8gADcRhwaY2AekzLpQ5QA1NzILg45YlzKEAAABAAIABQAPA25zMgNpcnMDZ292AAABAAHADAABAAEAABwgAASY2AelwAwALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YACIMpywUArJkA9Pr8GoybhgY2Ocgs\/9GIFFuvETX0fJGJlUnHAJSqKW\/R0LzP1Il9v6s81BpuSZpAB849wqEfWzFXluuZB5AR56eqVSJblguN5+T40xCB341G4528ZhyGRaXl+eYxq78eUD4cE2wBk3V74cfj1DDbMsYAW8Vgk6o8X8cK20+vQNjt9Ter915MWxERLC+lB5u+Ke9vetQqeV0qcZqahg+htHixrcdztcnVQBwTTHnqT931MsE2NAIeg+Z6OSUfvUAvK1zPWSo3JuVwhfiUlmKxv3X6Q3XgaskSAJbjqymmW7axPqELiWZ02m\/0lohciHpUFWYG\/hqdjcAQAAIAAQAAHCAABgNuczHAEMAQAAIAAQAAHCAAAsAMwBAAAgABAAAcIAAGA25zM8AQwBAAAgABAAAcIAAGA25zNMAQwBAALgABAAAcIAEbAAIIAgAAHCBZK47XWSJGR6xiA2lycwNnb3YAe+rn2tmycvJNbOGLWjldMLdA22UT7xzZh6HJYvuJrE5+qGxJ\/K9yON+rGW5STnO8kj2d7HsVVtkx7ts0\/\/XDYlHvMvWnWK\/Dq3C0qhX4Y4OXOL2k9lkOXDls5DytCZ+qVKg+alb58DzoDOU5yVHtP9rMKfk9VxtfA9LIEQBilUu0fUAjg6x8b2zwKV\/jt6dY6YdR2oAGxQWcfwUhdEB3XcH5NlvhjHUGSlAUPWnm6zjJAgd2MgFTKihm5f+gD+mtCN9sSjuoCyjb\/J+INEr+l8If9XkT6uujAFdNt62xgrprlhR\/4ZT3wgiZkdJcmZ4Hrkq2N2BnT7dMThz1hN6ZBcFgAAEAAQAAHCAABJjYB6TBYAAuAAEAABwgARsAAQgDAAAcIFkrjtdZIkZHrGIDaXJzA2dvdgCNfUC+vOaSAIQikt\/wOmN6FcRNH787rVK7vx8EOTihWPPbRHscOApvDuppsQAybpUJQDSnhmKXzmW0RGA6n2G0ciYqXXOsL0P3\/\/ygg+7XWZuYzKb304Zfx6QfhPLSsEP8shH+rTSNdno\/S62Ol7IpIPQ0RCioobQ2UR\/UDEXTGGbKuR4mDZJLFYeh5tIFpoqvTkHShLjF6v2OlcN8aKTXl7dgMdindVnqMLXbceQ\/g0+K8BgVnEE\/6MZYL80Ns\/V8grnGdCpO48BX8ffkLGatTdnf+50+sN\/QX2lbVRYMuygjrQrIMeAro+VDEin8TTXEdrj+U639Pp8xolDwNQMSwYAAAQABAAAcIAAEmNgLhMGAAC4AAQAAHCABGwABCAMAABwgWSuO11kiRkesYgNpcnMDZ292AFGjlQ0CcH7S\/YLa1DPEXyweqkjgV2S03PR6JP+jCFHGNKfmV2pVirBrldKkmIh6dGa0ltVAeBhTCcr+8ZtXfz6P7tUuUdPDHhVQPkdmbbxwRKzO5MP+LxNgOdYf4tNoaCzxD8LxFy+wV0RMK42Jdk0LKblpz2I4hl5Ot4PMa+kxYLse429gUV0OCwR8p415576bd12GBm3JlgMhjwLDn\/YUL
hBVE1vAdeWR\/mInSsz0Na1PaUUoZuz3dxaWAIii5OIt+dc2GSNtHPCTbsCAgkoPVDFmF7HzF0Pgp0r7IG7wKQDJuq4dAzHMJACT32pT6xgRHG+WdY8eMHRoAIggXq\/BkgABAAEAABwgAASY2AuFwZIALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAJ3yCZvDhJMpICeF2AdNj6dX83t1aIlZReudVBhsa5qliqrUuu1fMBb1RYQ38UscZhlrQBQAAAAAAAGEBAAAAAAAAQwAAAAAAAADE0AAAxA=="}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":72,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_usec":1495451756278993}
00310{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451756278993,"packet_id":72,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_usec":1495451756278993}
02313{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1501,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGPEgADcRhwSY2AekzLpQ5QA1Q8QLg5NBAMmEAAABAAIABQAPA25zMwNpcnMDZ292AAAcAAHADAAcAAEAABwgABAmEAAwIAAAUwAAAAAAAACQwAwALgABAAAcIAEbABwIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAggGB5zn+E1Pg+FLMqTHnbMA\/oOer5LeX4aIHpNS4o6eo3\/mQLBqkFditZ2io9gnZB4qh2JsMATiESYiHWEYj0bEtKixiKHmqgPaqgsClUlMc36a53fLyVtyHOsfb4Bn06ipKA\/mFDV0+OoNw8Y3Ho1jSbY7bHubvRM+pfr9JzoRxfb3DWL73ZWluCLfXSQajOLrJJnVQ+P2lNfaTK3czYjjMf3wRU9NKWnRGD4+bDy+2RctwKE\/IMs\/GjQVGFjztYPa6p\/mlAS1K5K4FizcZBjmrNEKa71WUgVe3uiPYOufTuXw7A\/z431698ylT38+Lw74o4px+sIHQ1lAUZBM4AMAQAAIAAQAAHCAABgNuczHAEMAQAAIAAQAAHCAABgNuczLAEMAQAAIAAQAAHCAAAsAMwBAAAgABAAAcIAAGA25zNMAQwBAALgABAAAcIAEbAAIIAgAAHCBZK47XWSJGR6xiA2lycwNnb3YAe+rn2tmycvJNbOGLWjldMLdA22UT7xzZh6HJYvuJrE5+qGxJ\/K9yON+rGW5STnO8kj2d7HsVVtkx7ts0\/\/XDYlHvMvWnWK\/Dq3C0qhX4Y4OXOL2k9lkOXDls5DytCZ+qVKg+alb58DzoDOU5yVHtP9rMKfk9VxtfA9LIEQBilUu0fUAjg6x8b2zwKV\/jt6dY6YdR2oAGxQWcfwUhdEB3XcH5NlvhjHUGSlAUPWnm6zjJAgd2MgFTKihm5f+gD+mtCN9sSjuoCyjb\/J+INEr+l8If9XkT6uujAFdNt62xgrprlhR\/4ZT3wgiZkdJcmZ4Hrkq2N2BnT7dMThz1hN6ZBcFsAAEAAQAAHCAABJjYB6TBbAAuAAEAABwgARsAAQgDAAAcIFkrjtdZIkZHrGIDaXJzA2dvdgCNfUC+vOaSAIQikt\/wOmN6FcRNH787rVK7vx8EOTihWPPbRHscOApvDuppsQAybpUJQDSnhmKXzmW0RGA6n2G0ciYqXXOsL0P3\/\/ygg+7XWZuYzKb304Zfx6QfhPLSsEP8shH+rTSNdno\/S62Ol7IpIPQ0RCioobQ2UR\/UDEXTGGbKuR4mDZJLFYeh5tIFpoqvTkHShLjF6v2OlcN8aKTXl7dgMdindVnqMLXbceQ\/g0+K8BgVnEE\/6MZYL80Ns\/V8grnGdCpO48BX8ffkLGatTdnf+50+sN\/QX2lbVRYMuygjrQrIMeAro+VDEin8TTXEdrj+U639Pp8xolDwNQMSwX4AAQABAAAcIAAEmNgHpcF+AC4AAQAAHCABGwABCAMAABwgWSuO11kiRkesYgNpcnMDZ292AAiDKcsFAKyZAPT6\/BqMm4YGNjnILP\/RiBRbrxE19HyRiZVJxwCUqilv0dC8z9SJfb+rPNQabkmaQAfOPcKhH1sxV5brmQeQEeenqlUiW5YLjefk+NMQgd+NRuOdvGYchkWl5fnmMau\/HlA+HBNsAZN1e+HH49Qw2zLGAFvFYJOqPF\/HCttPr0DY7fU3q\/deTFs
RESwvpQebvinvb3rUKnldKnGamoYPobR4sa3Hc7XJ1UAcE0x56k\/d9TLBNjQCHoPmejklH71ALytcz1kqNyblcIX4lJZisb91+kN14GrJEgCW46spplu2sT6hC4lmdNpv9JaIXIh6VBVmBv4anY3ADAABAAEAABwgAASY2AuEwAwALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAUaOVDQJwftL9gtrUM8RfLB6qSOBXZLTc9Hok\/6MIUcY0p+ZXalXQBQAAAAAAAGEBAAAAAAAAQwAAAAAAAADE0AAAxA=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":73,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_usec":1495451760381738}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451760381738,"packet_id":73,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_usec":1495451760381738}
01301{"packet_event_id":1,"packet_event_name":"packet","packet_id":73,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":762,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGAEgADMRnmeBBg0DzLpQ5QA1ohMIoLZgAPuEEAABAAMABAANBnRpbWUtYgRuaXN0A2dvdgAAAQABwAwAAQABAAAHCAAEgQYPHcAMAC4AAQAABwgAnAABBwMAAAcIWSqP21khSTdNKgRuaXN0A2dvdgB6DVGNpuOznKvdrQN8bwUpu4PENDRSb+5+syaMGo6RaYqni8IQRlgrlLmn0P9fWLeESttBnO35aSL8o+kaUL7kh56Tzeztgfxvi73UEVovSqcWPBrNHp06FMiCkzzWxYm3rwMsy7tgq5QiEQG82TMM5cM\/UdLrrVKTvePPvapChMAMAC4AAQAABwgAnAABBwMAAAcIWSqP21khSTdp9QRuaXN0A2dvdgAH3ZlJ1Plagxurcne6cVxPIYLgmEuZl+Z8WXRbQC0s7YxnKt0M7zxnZKNLd21OfZCww+HGwHXqGzXhrH5S539DqqjEfHlik\/EheQJBrs2wgJD6BuPbFqZ+\/m62e5E1TenoG46sJm2SbQR4t88KGGo41imZHHAUOlsfMJEWeIhOwsD3AAIAAQAABwgABgNnZWHA98D3AAIAAQAABwgABgNiZWHA98D3AC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMHDAC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":74,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":38,"global_ts_usec":1495451763731982}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451763731982,"packet_id":74,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":38,"global_ts_usec":1495451763731982}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":74,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"eLr5aHlnxDRrta3ICABFAAXcogYgAEARoZXMulDlS2GodAA12qEF7q5VMVqBoAABAA8ABAABA3d3dwNzc2QEbm9hYQNnb3YA"}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":75,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":74,"global_ts_usec":1495451779464126}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451779464126,"packet_id":75,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":74,"global_ts_usec":1495451779464126}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":75,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":108,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcjkogADURn38YivwdzLpQ5QA1IBMGEoHof96EEwABAAAACAABB2R5bmFtaWMJbGliZXJ0eXByA25ldAAAHAABwBQABgABAAAOEAAkBWRucy0xwBQFYWRtaW7A"}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":76,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":74,"global_ts_usec":1495451779745556}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451779745556,"packet_id":76,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":74,"global_ts_usec":1495451779745556}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":108,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcjksgADURn34YivwdzLpQ5QA1chAGEkLdh+yEEwABAAAACAABB2R5bmFtaWMJbGliZXJ0eXByA25ldAAAAQABwBQABgABAAAOEAAkBWRucy0xwBQFYWRtaW7A"}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":77,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":252,"global_ts_usec":1495451779762059}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451779762059,"packet_id":77,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":252,"global_ts_usec":1495451779762059}
00664{"packet_event_id":1,"packet_event_name":"packet","packet_id":77,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":286,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcB3MgADsR6J3HK4U1zLpQ5QA1x0sGxG739qGEEAABAAIABgANA3d3dwVpY2FubgNvcmcAAAEAAcAMAAUAAQAADhAACgN3d3cDdmlwwBDADAAuAAEAAA4QAKAABQcDAAAOEFkvMblZE0c+sGYFaWNhbm4Db3JnAFcOXWiLmAn+7RhE3TKRAZ5C+YCLPXSCXHhs6mLxoYLFSB9OmyFE9HQ90+HWIdUDemeRreC546O8dauCK16auNeVpMGVWBmAVkdmYo\/jYS\/f0rb0ZmripWbPcu3lWPDh7GnpYHF2BQ+z6kikiq9qTkmjhshwCrs5yNXSFD+OutJN\/jecwC8AAgABAAAOEAALBGd0bTEDbA=="}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":78,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1129,"global_ts_usec":1495451795488014}
00310{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451795488014,"packet_id":78,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1129,"global_ts_usec":1495451795488014}
01831{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1163,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcnoIgADsRANkX04VDzLpQ5QA1ZoEP+cmJ9tyEAAABACEAAAAdBF9ub3MEX3RjcAdub3MtYXZnAmN6AAAhAAHADAAhAAEAAAcIAB0AZAAKAbsKZmUtc2VsZjAwNwdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoBuwpmZS1zZWxmMDAyB25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgBQCWZlLXByZzAwNAdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoBuwlmZS1wcmcwMDgHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAFAKZmUtc2VsZjAwNwdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoAUApmZS1zZWxmMDAyB25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgG7CmZlLXNlbGYwMDYHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAbsJZmUtcHJnMDAzB25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgBQCWZlLXByZzAwNgdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoAUAlmZS1wcmcwMDEHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAFAKZmUtc2VsZjAwMwdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoAUApmZS1zZWxmMDA4B25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgG7CWZlLXByZzAwNwdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoAUAlmZS1wcmcwMDIHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAFAJZmUtcHJnMDAzB25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgG7CmZlLXNlbGYwMDgHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAbsKZmUtc2VsZjAwNAdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoBuwlmZS1wcmcwMDUHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAFAJZmUtcHJnMDA3B25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgG7CmZlLXNlbGYwMDEHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAFAJZmUtcHJnMDA1B25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgBQCWZlLXByZzAwOAdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoBuwpmZS1zZWxmMDAzB25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgBQCmZlLXNlbGYwMDYHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAbsKZmUtc2VsZjAwNQdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoBuwlmZS1wcmcwMDQHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAFAKZmUtc2VsZjAwNAc="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":79,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":675,"global_ts_usec":1495451801867184}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451801867184,"packet_id":79,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":675,"global_ts_usec":1495451801867184}
01232{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":709,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":709,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcVUIgADoR311APsiTzLpQ5QA1HC4OMzJ8VlCEEAABAAIABgATA25zMgNucmMDZ292AAAcAAHADAAcAAEAAA4QABAgAUnw0GQABhAAAAAAAAGHwAwALgABAAAOEAEbABwHAwAADhBZlIDRWR3Z0YaKA25yYwNnb3YAPWJVgdJKgVrTRsYmmdfgVzqqFqEjtUkbPsBTAyhBqcDqUhyiJ9lBKi0APTMHaoRlm9hKhCaxBf4OosrfcZZZslLTdHCsdWT3HBqF8quhdYgBFhCMYj2GltCBFdXUFuG\/ZMZe\/CYWmCUJwAYCF1Nrid6tA42V3+7Xl7GskBZncS2WWlSxB29bNO5qp\/hzNCvZSu+2CoR2pxntdEHpFyHTMEFW1GIMYaBIBeKmZ9Doz3BzKpSAQQ+2gzTU0pwjmlklQze5+O\/T87VbIrIG0NI6rOWvlrdMZVPfgmbDRUgBonXYW7ys3J4xP6AACqxAfp0yxUWCfy9QuEQQgB+HEB0bVMBXAAIAAQAADhAAAsAMwFcAAgABAAAOEAAGA25zM8BXwFcAAgABAAAOEAAVB2Ruc3NlYzcHZGF0YW10bgNjb20AwFcAAgABAAAOEAALCGRuc3NlYzExwZTAVwACAAEAAA4QAAYDbnMxwFfAVwAuAAEAAA4QARsAAgcCAAAOEFmUgNFZHdnRhooDbnJjA2dvdgCZi7bFn+nZ2P6WVw6o+kkwQuaKLgQuorJ5umHdHNd9400r4gzeBn33Ed0Zu7gD64lr2vhaLbxzLduR1aVAh1X4VlSh2jIQFWHIeoJ8Onasxl0l5tBD7VY1PneeZ1c40Al01eURgN\/WP7woAAMGLHDFWcaVfxALKzEXvlThyjffaO1k\/60LDVhVBDOZ6qeLxCdDVAfYZWLOALT5G71UUp\/mfWeY+zuZZrL9Mg=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":80,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":276,"global_ts_usec":1495451802317438}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451802317438,"packet_id":80,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":276,"global_ts_usec":1495451802317438}
00695{"packet_event_id":1,"packet_event_name":"packet","packet_id":80,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":310,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":310,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXc7j0gADgRdoqiljgTzLpQ5QA13WQG3OQmOZmEAAABAAYABgABDXN0YXRpYy1hc3NldHMDdG9wB2NvbWNhc3QDbmV0AAAwAAHADAAwAAEAAAA8AIgBAAMFAwEAAdNI7Jg7FgzKcoFbbTVFnNS103uNlzSi57w6MSU8g4N7BY45c8wRU0sUX4wCfS5mnvFDJOVeri9\/brOPAihImJbUq1qtU1hWYhriE+Q5okjx68WWhd44ZtMny6bsYRvUiusoqWjg23bXi9ii\/7fg+pccZPnCpi15g6KH4Pi07RLdwAwAMAABAAAAPAEIAQEDBQMBAAHH50NT4xwBENYYIASJ2mD3BG9QGEiNhcrE595erpAhJx7YsU81LP9gTvm6xTLb7N7F1r2ajg=="}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":81,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1178,"global_ts_usec":1495451817304087}
00310{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451817304087,"packet_id":81,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1178,"global_ts_usec":1495451817304087}
01907{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1212,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsBogADIR1B2hNyACzLpQ5QA1FhYKYhxxeiOEEAABAAIABAAND2F2aWF0aW9ud2VhdGhlcgNnb3YAAAEAAcAMAAEAAQAAAHgABIxaZc\/ADAAuAAEAAAB4AScAAQUCAAAAeFkriyJZIlCiJtkPYXZpYXRpb253ZWF0aGVyA2dvdgBcAnaQGheMvunF5C4cR5MJ72dSM8drk3RcE\/+nxnzfOogtDZmIWC2uUpk1r8xGZG2a2jRIA\/aj7zKkRbvNWBJ7qmI7yE\/unpmntn5Dyz3Um2RQBCjsXFWyfJgY5adyFQrx82AJTn0XIJJWlgv2g8gLH5cB5vq1Yx2QwIizFaT84HOR9Ro7mx0vPzffSQYtz10RZTKVLepM1R9WCwQoAlCmj1FX3PJSAVW1ysoAcCz8VNw8RQVeI7UOQsrNyeoeQU4fT9ZJVxaQxHfWRAhaVBdW1NMrgGV8IGluYRAdA\/hJk+MHJtjXbnaSeicSZRZLPiWIrQ+9vEs51K9tviWP1U47wFMAAgABAAAAeAAMBG5zLWUEbm9hYcBjwFMAAgABAAAAeAAIBW5zLW13wXnAUwACAAEAAAB4AAgFbnMtbnfBecBTAC4AAQAAAHgBJwACBQIAAAB4WSuLIlkiUKIm2Q9hdmlhdGlvbndlYXRoZXIDZ292ACem07do6v1NXUbeeSFCIj1ItSvoyoZ\/MkEVoL5rYeAY9tnwbNm\/RpXbQs3WZA84dHc8qApmpHZjNOzbQez3KZG7OK1f97Akn7bH1Ky7MKcrTPKH1PCPR0y4c94s6MFoH7fD6SfpHkqVyFkaspk\/OJpadSYLEQw32h1fGec9Via\/3fvcfA9UaUVW48GZIkYFNWZU\/dMHVDul0koiW1RkbrGjSj9jrN8M5OzzGNtQWIjEdvi5TKW5kPQt9XYqkeohSO6NHXOBkElsykELYz0FoRto8wvtZYGKZxoLfRlDES0YDpe+inWG1xWUXgvmym\/DRCrMlOOt9xEshGof6J1Kr9DBdAABAAEAAVGAAASMWiHtwXQAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8GMAAEAAQABUYAABIysEe3BjAAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3waAAAQABAAFRgAAEoTcgAsGgABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBdAAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8F0AC4AAQABUYAB"}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":82,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_usec":1495451840165795}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451840165795,"packet_id":82,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_usec":1495451840165795}
00647{"packet_event_id":1,"packet_event_name":"packet","packet_id":82,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcQSkgAOcRefuDTlH+zLpQ5QA1iN8GuEyAW62FkwABAAAADAABCkhJMDFXRUYwMDEDZXRuA2RsYQNtaWwAAAEAAcAbAAYAAQAAAycAMAhlYWdsZWliMQJhZMAbC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAycAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":83,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":290,"global_ts_usec":1495451840209084}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451840209084,"packet_id":83,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":290,"global_ts_usec":1495451840209084}
00712{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":324,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcQccgAOcReV2DTlH+zLpQ5QA1iBUG6lPedjOFkwABAAAADAABCkhJMDFXRUYwMDEEbm9zYwNkbGEDbWlsAAABAAHAFwAGAAEAAABZADAIZWFnbGVpYjECYWTAHAtyYW5keS5zbWl0aMAcAAAHZgAAALQAAAASAAk6gAAAA4TAFwAuAAEAAABZAKAABggDAAAAtFkv4yBZIqYQMlUEbm9zYwNkbGEDbWlsAHAi\/\/IpY3Psvud3bXls8gvS7SxTXcJbJ2fO4LqoVAeoWw33Sok4nKe8G5wSzgrj+gHIwqz4AXRl3ZauyfrHZKtplIVp\/qYFFwFvnbKy4VuVxCDuV39nS0bYD6vwMZut5duIQsRD92AJMBuJaLwaFueObOvDDzhSu2qWb8T7Pru6wBcALgABAAAA"}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":84,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":249,"global_ts_usec":1495451840333990}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451840333990,"packet_id":84,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":249,"global_ts_usec":1495451840333990}
00660{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":283,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcQ9AgAOcRd1SDTlH+zLpQ5QA1+V4GwcnHlaqFkwABAAAADAABCkhJMDFXRUYwMDEDb29iA2RsYQNtaWwAAAEAAcAbAAYAAQAAAZUAMAhlYWdsZWliMQJhZMAbC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAZUAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORa\/AgRGTYgjUNSA=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":85,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":675,"global_ts_usec":1495451860723807}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451860723807,"packet_id":85,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":675,"global_ts_usec":1495451860723807}
01232{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":709,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":709,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXctFYgADoRIiVBMSXFzLpQ5QA1N2wOM3VnSZ6EEAABAAIABgATA25zMQNucmMDZ292AAAcAAHADAAcAAEAAA4QABAgAQRwAAEAeiAAAAAAAACXwAwALgABAAAOEAEbABwHAwAADhBZlIDRWR3Z0YaKA25yYwNnb3YALVciLeV6\/9PVH3ix0oDMwPVXP+IuKi7iilwN8AXuICaEixRjMcL3k6CimR5Qqz2Ycw6GKR7q0Ru6zaeR+QYAjDqrD+MMW8dbCcINrpqJWjnqBRalN\/yYo\/yvsBa2wZPK3alx2x5VnRHoD2Js8UfeJJoW0zLMCnQkcnHnI8zIxKzPAlhcVwmcU+2j33B8sM29LmFlzJzazhfNwdxdRvaTNbUEhTzhlpB7woguGh3UcEHOLFrxazn6WmkxImFq2NBaB\/T0eDIozLqDuE+altkXto3Lyhd11i49paFgy0Mhg2C0ZQoPj1+cSeqFyHfhmq920VlYzrf1hk07KsH5DFRWS8BXAAIAAQAADhAAFghkbnNzZWMxMQdkYXRhbXRuA2NvbQDAVwACAAEAAA4QAAYDbnMzwFfAVwACAAEAAA4QAALADMBXAAIAAQAADhAACgdkbnNzZWM3wXXAVwACAAEAAA4QAAYDbnMywFfAVwAuAAEAAA4QARsAAgcCAAAOEFmUgNFZHdnRhooDbnJjA2dvdgCZi7bFn+nZ2P6WVw6o+kkwQuaKLgQuorJ5umHdHNd9400r4gzeBn33Ed0Zu7gD64lr2vhaLbxzLduR1aVAh1X4VlSh2jIQFWHIeoJ8Onasxl0l5tBD7VY1PneeZ1c40Al01eURgN\/WP7woAAMGLHDFWcaVfxALKzEXvlThyjffaO1k\/60LDVhVBDOZ6qeLxCdDVAfYZWLOALT5G71UUp\/mfWeY+zuZZrL9Mg=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":86,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":270,"global_ts_usec":1495451867062384}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451867062384,"packet_id":86,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":270,"global_ts_usec":1495451867062384}
00690{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":304,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcqqsgAOcREHmDTlH+zLpQ5QA1TnkG1twua62FkwABAAAADAABClJDMDFXRUYwMDEEbmVtbwNkbGEDbWlsAAABAAHAFwAGAAEAAAA8ADAIZWFnbGVpYjECYWTAHAtyYW5keS5zbWl0aMAcd9p7lQAAKjAAAAQ4ABJ1AAAAA4TAFwAuAAEAAAA8AKAABggDAAAAPFkvM2hZIfZYHRkEbmVtbwNkbGEDbWlsAB1eP48NXB48YC39LxAk\/Khj2mVEQ6aS5HOSznEHbJsfSIIptRD6BtLuXwGHekuWL8Z8c4kWh5ITHm730bhtaFCQHR4MBMAUg\/QYfZB\/3QkezK+jd+kE5nVF\/tAkTs15nBpCsT3XFv1DW\/UqWuIhDZwgTv+++Q=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":87,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":169,"global_ts_usec":1495451874121400}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451874121400,"packet_id":87,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":169,"global_ts_usec":1495451874121400}
00552{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":203,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcE+8gADUR5p1N8Pn0zLpQ5QA1XvoGcR\/WhA+EEAABAAIABQAHA25zMQNjc2MCbHQAAAEAAcAMAAEAAQABUYAABE3w+fTADAAuAAEAAVGAARoAAQcDAAFRgFkvGkZZB4jkr\/cDY3NjAmx0ALbKVVGDcRZDqk1lyGdWsP5IQ26mLHrrMMz2pPyson+cx8+CsnAw8\/PhfvXbGxejQaIrCYXN3lCaimZi4Ns9eAyNg0i42MNM14BM77qxS7I="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":88,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":231,"global_ts_usec":1495451891093884}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451891093884,"packet_id":88,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":231,"global_ts_usec":1495451891093884}
00636{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":265,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcxOggAOQR3V7OJiMDzLpQ5QA1oocGr2AqSlqFkwABAAAADAABClBIMDFXRUYwMDECYWQDZGxhA21pbAAAAQABwBoABgABAAACAgAtCGVhZ2xlaWIxwBcLcmFuZHkuc21pdGjAGneyKSsAACowAAAEOAAJOoAAAAOEwBoALgABAAACAgCbAAYIAgAAA4RZL+jmWSKr1jYkA2RsYQNtaWwAQ+NjrNptV+b2\/CTqZKH2biSP27tkOWTGq2KCUhlOH9E41MLSOk2lCYL6smDX5fmm1zJuobp2dyrUo+9Imrd8bXDxUMgbvMl\/t\/ob2CKRj1UwIaYHEuWwqw=="}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":89,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1155,"global_ts_usec":1495451910684938}
00310{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451910684938,"packet_id":89,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1155,"global_ts_usec":1495451910684938}
01886{"packet_event_id":1,"packet_event_name":"packet","packet_id":89,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1189,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW3YgADURSGKMrBHtzLpQ5QA1nlwKS15OQ2CEEAABAAIABAANDmNhbWVvY2hlbWljYWxzBG5vYWEDZ292AAABAAHADAABAAEAAVGAAAShN0EOwAwALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AIaf94KEuv9ZJnwf0eecIweTnGhU9b8l62tJ68k6dYKJPMmWgU+FCdyf\/QzA4d7evU\/WdY7C1qnmSAKUF\/jv82PtKEXWR9WzExnNSIkYyQ5Ek5HmxOvXRyAbUWYpnmzE31nJFS1DIaj6bHFKKyXa7kbE2lCLrY7Yw5mk7cXQ4OLgm8h\/Rf8PZUuRTxVYvWYo4+TVze1zHc8FD\/ypXkA55QgQpzIh2fdyiGaKmMRm4vEgVKR9qcV84hn2T6W953fnxyCiEAhN7\/HrL8+6Sed3bKvypaRqQ6VyWlurn4p4PS768LrGaurHjeTDHLHyOhT+cpJoI83IpDVd3ZFZXfga1z\/AVwACAAEAAVGAAAgFbnMtbnfAV8BXAAIAAQABUYAACAVucy1td8BXwFcAAgABAAFRgAAHBG5zLWXAV8BXAC4AAQABUYABHAACBQIAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgB\/\/xDOV8RlACc0tJNxS+YKsLSQOBQbk6NLsQZG3YDTjO3iKsh7IcLqiw6uOc7SaLs86m+f\/kMHQskW6EQOmEHDMnbqN9IQMGQT4wsBbRrQmwjtM3XaVIfw2QRYEj4dnRSam\/XPSboR6M9\/hOGPVESZ\/uQ6WqFzbJ5fPUcerIlG\/kYoZuwvlZN9eWpmI2uvZVEJoNzzXHVFVxe+gyzQ2fX9CfzbU64wrazKsV4840AxDn9S8jSgjT7wrA1fAbUY1N1Z18MDcPXwCsgNM45SCTA3GR4LZG5q0wfZhRsvLTMW6nxaQfuphvLWLR4kFiw6usfYhcbxye3Gh4WdZwsuqUy1wZUAAQABAAFRgAAEjFoh7cGVABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBgQABAAEAAVGAAASMrBHtwYEAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8FtAAEAAQABUYAABKE3IALBbQAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwZUALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBlQAuAAEAAVGAAQ=="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":90,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":271,"global_ts_usec":1495451913554506}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451913554506,"packet_id":90,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":271,"global_ts_usec":1495451913554506}
00687{"packet_event_id":1,"packet_event_name":"packet","packet_id":90,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":305,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcoZEgAOcRGZODTlH+zLpQ5QA1hecG1xOqS+SFkwABAAAADAABC0NNSDBTLTUwNjI0BGRhYXMDZGxhA21pbAAAAQABwBgABgABAAAAPwAwCGVhZ2xlaWIxAmFkwB0LcmFuZHkuc21pdGjAHQExm5UAAAC0AAAAEgAJOoAAAAOEwBgALgABAAAAPwCgAAYIAwAAALRZLyttWSHuXTGGBGRhYXMDZGxhA21pbABfZgMcUaz74\/opjmPI6fIN7S4Ga9GN4s2JVqvb0uXXvbdLi9ee5JaFRYVlFB0RVerGRt3pX5esuSlY9ySHVHjOBX09ZI1nwdlSMxmFBY9ZemmmfYIR43tvzwqFnbufNVeL7\/vc0q83XBfNipWbDRE5bz+qVR8="}
00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":91,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":76,"global_ts_usec":1495451914068906}
00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451914068906,"packet_id":91,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":76,"global_ts_usec":1495451914068906}
00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcXUggADgRPcyY2AuFzLpQ5QA1eM4GFPW9NOaEAwABAAAACAABC3NpcGludGVybmFsA2lycwNnb3YAAAEAASBlZmxia2RtZjJtY241ZWg0ZjB1OW9lZHN2bWFxODA="}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":92,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":452,"global_ts_usec":1495451914094306}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451914094306,"packet_id":92,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":452,"global_ts_usec":1495451914094306}
00932{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":486,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFKAXcMaIgADQR\/37IE0oVzLpQ5QA1cggHjFp0zlSEEAABAAMABQAKA25zMgZwb3AtcHIDcm5wAmJyAAAcAAHADAAcAAEAAAEsABAoAQCCAAAABgAAAAAAAAAgwAwALgABAAABLAChABwFBAAAASxYVstzWC8+c5NwBnBvcC1wcgNybnACYnIA1\/aeIOiXLVAUlf7X0fXFedFXWKq9aABVNOZ7r5rykMv0fMN9YxDR4Cfp\/zKvuFMArhl0vnp4MXdTgWKEiqk59GY+\/xomF5ijzP3\/hVLiW7e0IYJ1yWiBQh1jhcv34Y3bAKrfDk1MJeqnDbo4Bp88Wdfr5Y21wV56qV8eT6SlXOXADAAuAAEAAAEsAKEAHAUEAAABLFhWy3NYLz5zpzoGcG9wLXByA3JucAJicgCVDEMFJZu9EAXpnfRWZ2RVItWA0n+KJu9IaIVJmIMhajSIQT3VrNMeLfYGRUUl45s\/7N7SoIMSnISlGlhJNpFBgZCcSGA0oztlFfMwzcS\/I5CcKCU3SWRb5uEagRV84Bme6gzJXmBlBbKvNmLJm1Vjve6LCM8hoD8VZqG7vv8jFcEKAAIAAQAAASwABQJuc8EKwQoAAgABAAABLAACwAzBCgAC"}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_usec":1495451915752227}
00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451915752227,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_usec":1495451915752227}
00647{"packet_event_id":1,"packet_event_name":"packet","packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcZssgAOcRVFmDTlH+zLpQ5QA1TRMGuBtHRUGFkwABAAAADAABCkhRMDFXRUYwMDEDRElSAkFEA0RMQQNNSUwAAAEAAcAeAAYAAQAAA2gALQhlYWdsZWliMcAbC3JhbmR5LnNtaXRowB53sikrAAAqMAAABDgACTqAAAADhMAeAC4AAQAAA2gAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":93,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":204,"global_ts_usec":1495451915752227}
00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":93,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":194,"global_ts_usec":1495451915752227}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 93/0
~~ skipped flows.............: 0
@@ -214,6 +204,6 @@
~~ total memory freed........: 6034017 bytes
~~ total allocations/frees...: 121477/121477
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 212 chars
~~ json string min len.......: 312 chars
~~ json string max len.......: 2318 chars
~~ json string avg len.......: 1264 chars
~~ json string avg len.......: 1314 chars


@@ -7,17 +7,17 @@
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1422328963915032,"flow_dst_last_pkt_time":1422328963915032,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1422328963915032,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAEAAP8R8PTAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="}
01001{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422328963915032,"flow_src_last_pkt_time":1422328963915032,"flow_dst_last_pkt_time":1422328963915032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422328963915032,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"cisco-capwap-controller","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1422328966914891,"flow_dst_last_pkt_time":1422328963915032,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1422328966914891,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAIAAP8R8PPAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="}
00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_usec":1422328970067630}
00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1422328970067630,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_usec":1422328970067630}
00759{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"thread_ts_usec":1422328966914891,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="}
00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_usec":1422328971066732}
00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1422328971066732,"packet_id":5,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_usec":1422328971066732}
00759{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"thread_ts_usec":1422328966914891,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="}
00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_usec":1422328972066724}
00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1422328972066724,"packet_id":6,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_usec":1422328972066724}
00759{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"thread_ts_usec":1422328966914891,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_usec":1422328982066392}
00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1422328982066392,"packet_id":10,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_usec":1422328982066392}
00792{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_usec":1422328966914891,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0iX0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAYyyAAZABCkjQAAAAA8KAAAMsg="}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":11,"source":"capwap.pcap","alias":"nDPId-test","layer_type":383,"global_ts_usec":1422328989070227}
00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1422328989070227,"packet_id":11,"source":"capwap.pcap","alias":"nDPId-test","layer_type":383,"global_ts_usec":1422328989070227}
00804{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":397,"pkt_type":383,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":397,"pkt_l4_len":0,"thread_ts_usec":1422328966914891,"pkt":"AQAMzMzMuDhh8wWsAX+qqgMAAAwgAAK0cl0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAPAAggAAAAABAABjLIABkAEKSNAAAAADwoAAAyyA=="}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","layer_type":383,"global_ts_usec":1422328993294069}
00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1422328993294069,"packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","layer_type":383,"global_ts_usec":1422328993294069}
00804{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":397,"pkt_type":383,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":397,"pkt_l4_len":0,"thread_ts_usec":1422328966914891,"pkt":"AQAMzMzMuDhh8wWsAX+qqgMAAAwgAAK0cl0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAPAAggAAAAABAABjLIABkAEKSNAAAAADwoAAAyyA=="}
00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422329005766358,"flow_src_last_pkt_time":1422329005766358,"flow_dst_last_pkt_time":1422329005766358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422329005766358,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1422329005766358,"flow_dst_last_pkt_time":1422329005766358,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_usec":1422329005766358,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAARAAP8Rr9\/AqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g6AAAAAEAAGYAABQAAQAAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
@@ -36,7 +36,7 @@
00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1422329018033268,"flow_dst_last_pkt_time":1422329017533285,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_usec":1422329018033268,"pkt":"JOmzR64guDhh8wWsCABFwADDAAJAAEARpATAqAoKwKgKCTBcFH8ArwAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFL9Qy3RsAQJYlAAEcq6fyE50AAEkACwAFKFJLQAQC3ePdGwBAliUAARyrp\/ITnQAAHQALAAUtdhsgDQK\/xN0bAECWJQABHKun8hOdAAAOAAsABS9iq+AIAt7o3RsAQJYlAAEcq6fyE50AAAwACwAFL7WkAA0C3+g="}
00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1422329018533282,"flow_dst_last_pkt_time":1422329017533285,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_usec":1422329018533282,"pkt":"JOmzR64guDhh8wWsCABFwAEaAANAAEARo6zAqAoKwKgKCTBcFH8BBgAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFN3Va3RsAQJYlAAEcq6fyE50AACMACwAFMGt3IAoC5+ndGwBAliUAARyrp\/ITnQAAEwALAAUwdLNADQLo6d0bAECWJQABZICZPC30AAADAAsABTJ3KPD9AqWm3RsAQJYlAAH4Ht\/dIQ8AAB8ACwAFNejwUJoCvcLdGwBAliUAAfge390hDwAAEgALAAU2FOxglQK9wt0bAECWJQAB+B7f3SEPAAAcAAsABTZHxnCRAr\/A3RsAQJYlAAH4Ht\/dIQ8AAAcACwAFN246sJsCvr4="}
00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":176,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1422328963915032,"flow_src_last_pkt_time":1422328966914891,"flow_dst_last_pkt_time":1422328963915032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422329025532954,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00186{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_usec":1422329034072795}
00286{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1422329034072795,"packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_usec":1422329034072795}
00793{"packet_event_id":1,"packet_event_name":"packet","packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_usec":1422329034032779,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}
02189{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":222,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1422329017533285,"flow_src_last_pkt_time":1422329049032294,"flow_dst_last_pkt_time":1422329017533285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4909,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422329049032294,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":499857,"avg":1016097.1,"max":3999845,"stddev":875106.2,"var":765810835456.0,"ent":4.6,"data": [499983,500014,499872,2999961,499995,500031,499980,499982,499890,499986,499975,499998,499999,999998,999993,500014,2999827,1000005,999991,500032,1999814,500016,499990,999989,500017,1499983,499857,1999983,999996,999993,3999845]},"pktlen": {"min":108,"avg":181.4,"max":311,"stddev":58.4,"var":3415.7,"ent":4.9,"data": [108,195,282,137,224,137,108,195,311,137,108,108,137,282,137,195,195,282,137,195,108,253,166,195,195,195,253,137,108,195,224,166]},"bins": {"c_to_s": [0,0,6,7,2,9,2,5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": 
[4.322847843,4.775271893,5.243394375,4.682712078,4.886671543,4.761803627,4.409015179,4.971165657,5.125069618,4.609245777,4.380640507,4.355712414,4.823248386,4.982461452,4.627756596,4.929459095,4.873090267,5.032708645,4.636066914,4.873720646,4.399159431,4.936395168,4.818520069,5.070401192,4.945625305,4.792158127,4.963052750,4.698768139,4.306179047,4.887980938,4.937054634,4.651456833]},"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00912{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":235,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1422329005766358,"flow_src_last_pkt_time":1422329005766854,"flow_dst_last_pkt_time":1422329005766358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422329056532011,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -44,7 +44,7 @@
00920{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":235,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":83,"flow_dst_packets_processed":85,"flow_first_seen":1422329005767224,"flow_src_last_pkt_time":1422329054811998,"flow_dst_last_pkt_time":1422329054811504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1457,"flow_dst_max_l4_payload_len":1457,"flow_src_tot_l4_payload_len":19173,"flow_dst_tot_l4_payload_len":19898,"midstream":0,"thread_ts_usec":1422329056532011,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00910{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":250,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":57,"flow_dst_packets_processed":0,"flow_first_seen":1422329017533285,"flow_src_last_pkt_time":1422329067031684,"flow_dst_last_pkt_time":1422329017533285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7982,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422329067031684,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":270,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1422328963915032,"flow_src_last_pkt_time":1422328966914891,"flow_dst_last_pkt_time":1422328963915032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422329079031318,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00186{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":293,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_usec":1422329091711112}
00286{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1422329091711112,"packet_id":293,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_usec":1422329091711112}
00793{"packet_event_id":1,"packet_event_name":"packet","packet_id":293,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_usec":1422329090053500,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}
00912{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":331,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1422329005766358,"flow_src_last_pkt_time":1422329005766854,"flow_dst_last_pkt_time":1422329005766358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422329110030492,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00906{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":331,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422328949167396,"flow_src_last_pkt_time":1422328949167396,"flow_dst_last_pkt_time":1422328949167396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422329110030492,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -52,7 +52,7 @@
00916{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":341,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":117,"flow_dst_packets_processed":1,"flow_first_seen":1422329017533285,"flow_src_last_pkt_time":1422329119530164,"flow_dst_last_pkt_time":1422329084348788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":17249,"flow_dst_tot_l4_payload_len":126,"midstream":0,"thread_ts_usec":1422329119530164,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":351,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1422328963915032,"flow_src_last_pkt_time":1422328966914891,"flow_dst_last_pkt_time":1422328963915032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422329129029842,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1422329136181809,"flow_dst_last_pkt_time":1422329005766358,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_usec":1422329136181809,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAGlAAP8Rr3rAqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g\/wAAABMAAGYAABQAAQEAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
00186{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_usec":1422329141909488}
00286{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1422329141909488,"packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_usec":1422329141909488}
00793{"packet_event_id":1,"packet_event_name":"packet","packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_usec":1422329141029509,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}
00904{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":379,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422328949167396,"flow_src_last_pkt_time":1422328949167396,"flow_dst_last_pkt_time":1422328949167396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422329141029509,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00758{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":394,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1422328963915032,"flow_src_last_pkt_time":1422328966914891,"flow_dst_last_pkt_time":1422328963915032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422329152529070,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -75,6 +75,6 @@
~~ total memory freed........: 6054274 bytes
~~ total allocations/frees...: 121927/121927
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 189 chars
~~ json string min len.......: 289 chars
~~ json string max len.......: 2194 chars
~~ json string avg len.......: 1190 chars
~~ json string avg len.......: 1240 chars


@@ -1,5 +1,5 @@
00487{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dlt_ppp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00173{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":9,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","protocol":33,"global_ts_usec":1031048}
00264{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":9,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031048,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","protocol":33,"global_ts_usec":1031048}
01933{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1230,"pkt_type":33,"pkt_l3_offset":2,"pkt_l4_offset":0,"pkt_len":1230,"pkt_l4_len":0,"thread_ts_usec":1031048,"pkt":"ACFFAgTMQT1AAD8RDTPBpwD8wadkZKwzAbsEuAAAz\/8AAB0MtxIpOpsU8gzQWdyoBJhpwdcARJZ0OsZN0bl8VJfvOykoeuttM0eMWHJwpGpOPAqWh0GUfp9IIe82zPEOJxxbudM5\/pOWImGkMJYnZKC4oc+Wie817ZluT3qGlbT6FmvR7wgU3ZlqiJlO4+0DRHL4d\/DzL3RfCdhaKCfxoviWr9OOaF9xayHBTgloTkVIbSLderihnwr+mk7qqrStghVdXJFtnOWHTzAMdmPpzaY99oTPzZwWklZzjG9W5shdxiA8ok\/3pt2WMY3QJIDzbHzKP+7ZsLr5YGFFIYxx1JspmQXO5+U3jVl43o7+huGmMmGYHNdWbRYYgFoAkcV642cnCac+cZPVd9ar\/XFRGfd\/WaFVK+zvTNX+exQ7Y3ZIotGRLaPFvGpj3H1W9HNWBEKODu7hETU2OX\/NaZuNjAbfxxKVTC9o6LUxoTVjag4leuFawG3pE6XLxFh9fenfXyYspIGy40nX701+znmPySuhrrYghEKqHVTFz\/fjb5y59pxDqwfx2gz+0tLjNRNMLdNY1Ag+BpNZPQBZDxS1Q4nlCfUqLKWSJpEsd+mHyUC3pRaolG8Jpu68ULGXjJ4ZKS7952WY2QtbjEtiMSGVNPERp0foW+HREy8qKb+tFgJ65NsBWY0E9\/jJGGpFUnix\/C7BDjtX\/ZgK9gfyvVQabBdj7mBntuOhNmnilWaVEIOX7CKCv2V+0LQWQOOVtmTWBQy0XrnBP7R005Av3+pdvoITeQ2zEo762fyDmFlboLbmiVV7z4cyXPPQL6MPya78HzZSLTnm3Xxv8O87bNxZE+T0J9baS33P9HRocrLvAjLFAWSMQbXzM6RAx0uu2+2kxSt4LNQRr+Nvhj9iZm0i+9tU23DVWOg6UFW+uqUPF0ds+jp9XdVBP+b6UC3e79iGd\/QTg4M7OYt7pt75ojnbr+ZjxHE8B0GZ1bPhHUhQ\/439iohTEuvizuLosg\/9ETTUUdbasnXh9D\/+SO51ABAnZvM6SDJ1pj177GYIwa\/ZqyWvarQpS41HFFKu4RYpQHjOT56xqgSjrLEWXyerkTEX8shaJqUzTf0hupuyCJ\/APa3545+ZYzvcCDGD7g4mx1kJ6bCPcx5s\/v5xv0RJBodp9K1hK4v\/DTDZxZGtU5gN0XXnA0WlvhheGJ1S\/ZaCizvBvbTeu8i2DUwd4Wme2LeIVwWL1YRsoozl32VaoHYmsfd7GuS4nwcSIq7qOKc\/v0ngj3r3ND1Z2VcoyXNbqPLJo2kpXaoXlSfOfSzoS+BYoeB3qst\/3RnzIpMan+YfjUUqTAsAH+lgJatdqf9zS60Yl5fSUpCDIosbThj4VOLqNKWrLQjA8v+93FIA3\/NFEDMSuNxj605kSA9S9GRrTJHsR5osW14O2xZRF\/BiXyz77L3\/OW35KvEzzuGXD5Apmt9048cnckQ+W8pGZui61Z81+NpEDiVl5\/7woKFPqgJn9vKV42rT4DXlRToJ8qpzLeevd936RndwoN8DMGcbfT7BT7\/CndBaHTk\/Xoi\/g0FlSSofCargF+zZqnP61iuG15DY\/IC7bC0k3NnOEoXpUUSiCOrtQOJtDXQygOL8Gb9V"}
00543{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":4,"global_ts_usec":1031048}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -14,6 +14,6 @@
~~ total memory freed........: 6034017 bytes
~~ total allocations/frees...: 121477/121477
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 178 chars
~~ json string min len.......: 269 chars
~~ json string max len.......: 1938 chars
~~ json string avg len.......: 866 chars
~~ json string avg len.......: 905 chars


@@ -5,28 +5,28 @@
01003{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968008021140,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021140,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968008021140,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
02498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021712,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1558968008021712,"pkt":"AIac51UUAAwpil3XCABFAAXc0P4gAEARCebBGOPurNkoTAA13WgGrrRj1D+EEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwAMAABAAAAPAEIAQADCgMBAAHQVNwo8VCsO0nmM2u3Mcqv14N851ULDM7hf1Hi2ooDrm7SR4cYS\/ptdvSMUJEyqPCUSF3Clw\/mlYs7YppfPvATwlxTT37RaXRQswUTRh4\/3GtYPxZXJOr+Wr2nwf4Rqm1imNixBim+ZLWFho\/CQdJqyhqg2VT8ongtHWFb9Nojmjr1IXZe0LYFcm0d1eoB5YaBtAcRvhm41KfjcjwpW7jDiMH5W1RgefeOj8kBkIJxjV9i9TB7pjmmAvw91J8s0GTTJqo\/ORsAzT8BHg3y6usJtQVH8ezMMHBFbjtgdGJlMoj4kn1KBk8Jtj9ZxjTIZWIo922PVb8sQqj0JytLOU69wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALbZY
ZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJwgtxE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="}
01018{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968008021140,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1558968008021712,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}}
00212{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_usec":1558968008021729}
00312{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1558968008021729,"packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_usec":1558968008021729}
00634{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"thread_ts_usec":1558968008021712,"pkt":"AIac51UUAAwpil3XCABFAAD60P4AuUARLg\/BGOPurNkoTJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968010233766,"flow_src_last_pkt_time":1558968010233766,"flow_dst_last_pkt_time":1558968010233766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968010233766,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1558968010233766,"flow_dst_last_pkt_time":1558968010233766,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":120,"pkt_l4_len":66,"thread_ts_usec":1558968010233766,"pkt":"AAwpil3XAIac51UUht1gArj8AEIRayoAFFBAEwwDAAAAAAAAAQogAQRwdlsAAAAAAAAKJQBTtWEANQBC7JLpxAAQAAEAAAAAAAECcGEId2ViZXJsYWICZGUAABwAAQAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"}
01017{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968010233766,"flow_src_last_pkt_time":1558968010233766,"flow_dst_last_pkt_time":1558968010233766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968010233766,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pa.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
02479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1558968010233766,"flow_dst_last_pkt_time":1558968010234445,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"thread_ts_usec":1558968010234445,"pkt":"AIac51UUAAwpil3Xht1gB4f9BbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAAAShAPAsANbVhBeUUjunEhBAAAQACAAMACQJwYQh3ZWJlcmxhYgJkZQAAHAABwAwAHAABAAAAPAAQIAEEcB8LECQAAAAAAAAAAsAMAC4AAQAAADwBHwAcCgMAAAA8XQZZ\/FzevuyQRwh3ZWJlcmxhYgJkZQC1pnXN9aJB47xcEl0t+RyJPr\/p+1OSRyBEPleyPVcVG13SY1au\/jvJTdnRA4lySA7r3bi4LlJCEattffR4fjevK4f+NrGd0s5mJ+PRg85+C1QnHQmbvL9v+MI2zPL2z8n5PSX3Yf1y4VNvPCJ7YmzWzkyABQys7VcUh58r0Vf2MDfcX+p\/oqdfN5wH3piEMrifXVk3S1jvEgqm3k\/0jIc5bfsXYFPDiziLSsKruSCkr5Ydv6DPypeAQh8lSdezjVxYVAOnbrtC88Q7QQ04+1dWXmZGW9cG+PBKFrFDsPDKsCvsJ0ggc3+bJXpyZZ0SaqfH4Zgi8NjO\/iMCsrSxLkS9wFoAAgABAAAAPAAPA25zMgh3ZWJlcmRuc8BjwFoAAgABAAAAPAAGA25zMcF3wFoALgABAAAAPAEfAAIKAgAAADxdCgDsXOJvNZBHCHdlYmVybGFiAmRlAHSoxNqqAKym4hw9iI9\/cGB9AOyri1gZ9PRCVa3kokohNFwwgJZHh\/GYLEe5aVQ16NDPaZsaEDNFKVzAqyIPhTpD66im4JiAdIma3+zQ6MM9+50XgE4zD34pXPziEN3\/hpyx0OsRaMDdi+fLJ+VSFGsK+dEf7olAlTzREwS8gAhMxbir6bK5GyMP0HpB+N56qoJQqvHlvC11N4HQ1PiAfHGM\/e0cnoTP4HtNoJs4zlO01ipMUjuZ2yl3aHqydGgSm9jswrVneievkN6cP9\/osHneUEe3pq+Na767DBQ6GotyiL0ifYjqRt+tp11FZgz+RwhCI599k5mxFSecocr80szBjgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwXMAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8GOAAEAAQAADhAABMEY4+7BcwABAAEAAA4QAATC9wUOwY4ALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALFKzqMjh9BzTzk7te1fsFGook8hWPtH0Dh2qeLmkPiC00JY45Dj2PARXv44katX35tAeXg4ix8QZs+c1GIcPatTaDXZe6J7CgZjoERP+ecNOmJ3vNLtj8s3UGq5X1b66ao4qdZN6E8DXjYpPWxeaD+6KZd7ytQjBmRNzONHV4CNwY4ALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAEEPt\/jvpNYZTaxUf\/hq3Z6tUps6XBA9Yu325Bwy3LukMjtOntkxZ48rvFNij79Ioq3EbGxCb4PD0EVLtA5lKR6U69jYrdbsh11ahmIq4
c0voBJAKVJkpfioqYTXkZCppD5DWEnFc7+3dmCZtR6n7cdLRMGXeU0ee7boqf+ntG0ywXMALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAAdbeEFbg2lg4i3rnV+6yQt2VeYizGmT\/rDt7rXbe9Gvg0bs7cCzKvh3nLNc7lfkw3Toxu3h2m\/NqvAJNkxLRmrtfxw68cyy4lkHhL2NLL3Y19jvp2qm25mZVgwcJylB9Dlvk0ReqgeiL8E1GyKZ+bYJb4PW+X45ewaJrdYFgGv4wXMALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALY71RRfBids18YMqfb3pDV95vjCv9gQTwdXg7KIz9hcjsWC4LdX4rCK4Rics7xQ5QaBNODVJNd5alz0R5hMDerxbEpzVvoggNs6EwCYRezdSpP5C3DJFx6i88C2SQ=="}
01036{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968010233766,"flow_src_last_pkt_time":1558968010233766,"flow_dst_last_pkt_time":1558968010234445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1558968010234445,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pa.weberlab.de","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}}
00212{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":89,"global_ts_usec":1558968010234463}
00312{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1558968010234463,"packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":89,"global_ts_usec":1558968010234463}
00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":123,"pkt_l4_len":0,"thread_ts_usec":1558968010234445,"pkt":"AIac51UUAAwpil3Xht1gB4f9AEUsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAFqChAPAtderZqHOphjXllMk8sHswGkSaaDoR\/AL9bqSnISQXKcnns5gAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968018074594,"flow_src_last_pkt_time":1558968018074594,"flow_dst_last_pkt_time":1558968018074594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968018074594,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1558968018074594,"flow_dst_last_pkt_time":1558968018074594,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_usec":1558968018074594,"pkt":"AAwpil3XAIac51UUht1gCQGuAEMRayoAFFBAEwwGAAAAAAAAAQUgAQRwdlsAAAAAAAAKJQBT94kANQBDODsKMgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAABAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
01017{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968018074594,"flow_src_last_pkt_time":1558968018074594,"flow_dst_last_pkt_time":1558968018074594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968018074594,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1558968018074594,"flow_dst_last_pkt_time":1558968018075178,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"thread_ts_usec":1558968018075178,"pkt":"AIac51UUAAwpil3Xht1gAmIVBbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAAASR\/DLMANfeJBdraSAoyhBAAAQACAAMACQNmZzIId2ViZXJsYWICZGUAAAEAAcAMAAEAAQAAADwABML3BArADAAuAAEAAAA8AR8AAQoDAAAAPF0J+51c4m0NkEcId2ViZXJsYWICZGUATmqKLyXYlD7oC1wjnJdPzxr55pJoGn6h+biEYxUlvjgkAKYGVr2OkUzNi9dPZZCT1\/wXWro5BadVhTNlYhGA9J99DHUUB5NEITFfyeoCqRwORKOIN8F3N4260XT5uRwPgDtpnX9J6IRQN3Hg639ASVUfreGkxN2At0j1oxD21UcoFDfwz5Fn7owm5vE3RP6EyTqHCPkRSCJvvZO+Lb6nyRwRS\/BgbrTAjIDB9gxMtXs7GIKlm\/T21iqqa\/CM0K3y9nYSv2Mbgyh+nhDaTp4WmMKZfRzP6DKGL+Myx7893ekGgWnaQNeZGzB3BTQVSEJFLULyYavsqtvSpVIspLF1IcBPAAIAAQAAADwADwNuczIId2ViZXJkbnPAWMBPAAIAAQAAADwABgNuczHBbMBPAC4AAQAAADwBHwACCgIAAAA8XQoA7FzibzWQRwh3ZWJlcmxhYgJkZQB0qMTaqgCspuIcPYiPf3BgfQDsq4tYGfT0QlWt5KJKITRcMICWR4fxmCxHuWlUNejQz2mbGhAzRSlcwKsiD4U6Q+uopuCYgHSJmt\/s0OjDPfudF4BOMw9+KVz84hDd\/4acsdDrEWjA3YvnyyflUhRrCvnRH+6JQJU80RMEvIAITMW4q+myuRsjD9B6QfjeeqqCUKrx5bwtdTeB0NT4gHxxjP3tHJ6Ez+B7TaCbOM5TtNYqTFI7mdspd2h6snRoEpvY7MK1Z3onr5DenD\/f6LB53lBHt6avjWu+uwwUOhqLcoi9In2I6kbfraddRWYM\/kcIQiOffZOZsRUnnKHK\/NLMwYMAHAABAAAOEAAQIAEEcHZbAAAAAAAACiUAU8FoABwAAQAADhAAECABBHAfCxawAAAAAAomAFPBgwABAAEAAA4QAATBGOPuwWgAAQABAAAOEAAEwvcFDsGDAC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQCxSs6jI4fQc085O7XtX7BRqKJPIVj7R9A4dqni5pD4gtNCWOOQ49jwEV7+OJGrV9+bQHl4OIsfEGbPnNRiHD2rU2g12XuiewoGY6BET\/nnDTpid7zS7Y\/LN1BquV9W+umqOKnWTehPA142KT1sXmg\/uimXe8rUIwZkTczjR1eAjcGDAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQBBD7f476TWGU2sVH\/4at2erVKbOlwQPWLt9uQcMty7pDI7Tp7ZMWePK7xTYo+\/SKKtxGxsQm+Dw9BFS7QOZSkelOvY2K3W7IddWoZiKuHNL6ASQClSZKX
4qKmE15GQqaQ+Q1hJxXO\/t3ZgmbUep+3HS0TBl3lNHnu26Kn\/p7RtMsFoAC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQAHW3hBW4NpYOIt651fuskLdlXmIsxpk\/6w7e6123vRr4NG7O3Asyr4d5yzXO5X5MN06Mbt4dpvzarwCTZMS0Zq7X8cOvHMsuJZB4S9jSy92NfY76dqptuZmVYMHCcpQfQ5b5NEXqoHoi\/BNRsimfm2CW+D1vl+OXsGia3WBYBr+MFoAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQC2O9UUXwYnbNfGDKn296Q1feb4wr\/YEE8HV4OyiM\/YXI7FguC3V+KwiuEYnLO8UOUGgTTg1STXeWpc9EeYTA3q8WxKc1b6IIDbOhMAmEXs3UqT+QtwyRceovPAtklderZqHOphjXllMg=="}
01037{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968018074594,"flow_src_last_pkt_time":1558968018074594,"flow_dst_last_pkt_time":1558968018075178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1558968018075178,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}}
00212{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":78,"global_ts_usec":1558968018075197}
00312{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1558968018075197,"packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":78,"global_ts_usec":1558968018075197}
00435{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":112,"pkt_l4_len":0,"thread_ts_usec":1558968018075178,"pkt":"AIac51UUAAwpil3Xht1gAmIVADosQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAFqCR\/DLNPLB7MBpEmmg6EfwC\/W6kpyEkFynJ57OYAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968019069107,"flow_src_last_pkt_time":1558968019069107,"flow_dst_last_pkt_time":1558968019069107,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968019069107,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1558968019069107,"flow_dst_last_pkt_time":1558968019069107,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1558968019069107,"pkt":"AAwpil3XAIac51UUCABFAABXnz0AAGwRsyatwqlowRjj7uhIADUAQ+SwoX0AEAABAAAAAAABA2ZnMgh3ZWJlcmxhYgJkZQAAAQABAAApEAAAAIAAAA8ACAALAAI4ACABBHAfCxY="}
01009{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968019069107,"flow_src_last_pkt_time":1558968019069107,"flow_dst_last_pkt_time":1558968019069107,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968019069107,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fg2.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1558968019069107,"flow_dst_last_pkt_time":1558968019069715,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1558968019069715,"pkt":"AIac51UUAAwpil3XCABFAAXc4hEgAEARds3BGOPurcKpaAA16EgF2oW\/oX2EEAABAAIAAwAJA2ZnMgh3ZWJlcmxhYgJkZQAAAQABwAwAAQABAAAAPAAEwvcECsAMAC4AAQAAADwBHwABCgMAAAA8XQn7nVzibQ2QRwh3ZWJlcmxhYgJkZQBOaoovJdiUPugLXCOcl0\/PGvnmkmgafqH5uIRjFSW+OCQApgZWvY6RTM2L109lkJPX\/BdaujkFp1WFM2ViEYD0n30MdRQHk0QhMV\/J6gKpHA5Eo4g3wXc3jbrRdPm5HA+AO2mdf0nohFA3ceDrf0BJVR+t4aTE3YC3SPWjEPbVRygUN\/DPkWfujCbm8TdE\/oTJOocI+RFIIm+9k74tvqfJHBFL8GButMCMgMH2DEy1ezsYgqWb9PbWKqpr8IzQrfL2dhK\/YxuDKH6eENpOnhaYwpl9HM\/oMoYv4zLHvz3d6QaBadpA15kbMHcFNBVIQkUtQvJhq+yq29KlUiyksXUhwE8AAgABAAAAPAAPA25zMQh3ZWJlcmRuc8BYwE8AAgABAAAAPAAGA25zMsFswE8ALgABAAAAPAEfAAIKAgAAADxdCgDsXOJvNZBHCHdlYmVybGFiAmRlAHSoxNqqAKym4hw9iI9\/cGB9AOyri1gZ9PRCVa3kokohNFwwgJZHh\/GYLEe5aVQ16NDPaZsaEDNFKVzAqyIPhTpD66im4JiAdIma3+zQ6MM9+50XgE4zD34pXPziEN3\/hpyx0OsRaMDdi+fLJ+VSFGsK+dEf7olAlTzREwS8gAhMxbir6bK5GyMP0HpB+N56qoJQqvHlvC11N4HQ1PiAfHGM\/e0cnoTP4HtNoJs4zlO01ipMUjuZ2yl3aHqydGgSm9jswrVneievkN6cP9\/osHneUEe3pq+Na767DBQ6GotyiL0ifYjqRt+tp11FZgz+RwhCI599k5mxFSecocr80szBaAABAAEAAA4QAATBGOPuwYMAAQABAAAOEAAEwvcFDsFoABwAAQAADhAAECABBHB2WwAAAAAAAAolAFPBgwAcAAEAAA4QABAgAQRwHwsWsAAAAAAKJgBTwWgALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALFKzqMjh9BzTzk7te1fsFGook8hWPtH0Dh2qeLmkPiC00JY45Dj2PARXv44katX35tAeXg4ix8QZs+c1GIcPatTaDXZe6J7CgZjoERP+ecNOmJ3vNLtj8s3UGq5X1b66ao4qdZN6E8DXjYpPWxeaD+6KZd7ytQjBmRNzONHV4CNwWgALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAEEPt\/jvpNYZTaxUf\/hq3Z6tUps6XBA9Yu325Bwy3LukMjtOntkxZ48rvFNij79Ioq3EbGxCb4PD0EVLtA5lKR6U69jYrdbsh11ahmIq4c0voBJAKVJkpfioqYTXkZCppD5DWEnFc7+3dmCZtR6n7cdLRMG
XeU0ee7boqf+ntG0ywYMALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAAdbeEFbg2lg4i3rnV+6yQt2VeYizGmT\/rDt7rXbe9Gvg0bs7cCzKvh3nLNc7lfkw3Toxu3h2m\/NqvAJNkxLRmrtfxw68cyy4lkHhL2NLL3Y19jvp2qm25mZVgwcJylB9Dlvk0ReqgeiL8E1GyKZ+bYJb4PW+X45ewaJrdYFgGv4wYMALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALY71RRfBids18YMqfb3pDV95vjCv9gQTwdXg7KIz9hcjsWC4LdX4rCK4Rics7xQ5QaBNODVJNd5alz0R5hMDerxbEpzVvoggNs6EwCYRezdSpP5C3DJFx6i88C2SV16tmoc6mGNeWUyTywezAaRJpoOhH8Av1upKchJBcpyeezmAAApEAAAAIA="}
01029{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968019069107,"flow_src_last_pkt_time":1558968019069107,"flow_dst_last_pkt_time":1558968019069715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1558968019069715,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fg2.weberlab.de","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}}
00212{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_usec":1558968019069732}
00312{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1558968019069732,"packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_usec":1558968019069732}
00351{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_usec":1558968019069715,"pkt":"AIac51UUAAwpil3XCABFAAAm4hEAuUARm8rBGOPurcKpaAAADwAIAAsAAjgAIAEEcB8LFg=="}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968021013672,"flow_src_last_pkt_time":1558968021013672,"flow_dst_last_pkt_time":1558968021013672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968021013672,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1558968021013672,"flow_dst_last_pkt_time":1558968021013672,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_usec":1558968021013672,"pkt":"AAwpil3XAIac51UUht1gBi\/8AEMRayoAFFBADAwAAAAAAAAAAQYgAQRwdlsAAAAAAAAKJQBT1J4ANQBDpiukOAAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
@@ -38,7 +38,7 @@
01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968021026749,"flow_src_last_pkt_time":1558968021026749,"flow_dst_last_pkt_time":1558968021026749,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968021026749,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1558968021026749,"flow_dst_last_pkt_time":1558968021027012,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1558968021027012,"pkt":"AIac51UUAAwpil3XCABFAAXciTwgAEARrMjBGOPuSn0viAA158IGrsPBFaiEEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALb
ZYZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJwgtxE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="}
01019{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021026749,"flow_src_last_pkt_time":1558968021026749,"flow_dst_last_pkt_time":1558968021027012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1558968021027012,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}}
00213{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_usec":1558968021027052}
00313{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1558968021027052,"packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_usec":1558968021027052}
00634{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"thread_ts_usec":1558968021027012,"pkt":"AIac51UUAAwpil3XCABFAAD6iTwAuUAR0PHBGOPuSn0viJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968031134211,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134211,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968031134211,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134211,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_usec":1558968031134211,"pkt":"AAwpil3XAIac51UUht1gCRS7AEMRbCoAFFBAEwwFAAAAAAAAAQ4gAQRwdlsAAAAAAAAKJQBTiIAANQBD+GeeBgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
@@ -104,14 +104,14 @@
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1560869905222619,"flow_dst_last_pkt_time":1560869900222469,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_usec":1560869905222619,"pkt":"CFsOoYNeAAwpfKTLht1gDZ0NADwRQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBT2bEANQA8zxHCoAEgAAEAAAAAAAEId2ViZXJsYWICZGUAADAAAQAAKRAAAACAAAAMAAoACPFs5uYvfUZc"}
02472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1560869905222619,"flow_dst_last_pkt_time":1560869905232984,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1494,"pkt_l4_len":1432,"thread_ts_usec":1560869905232984,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyBaAsPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAAAQAABpoANdmxBspAOcKghQAAAQAEAAAAAQh3ZWJlcmxhYgJkZQAAMAABwAwAMAABAAAAPAIIAQEDCgMBAAHd7\/3tIq12CjsLWBAd1T3u8\/far4uZXvf8tV18qZaecv+cWqq5v63pRvKYMfBrDVtiIL4iSgCelIlOORESqB\/n89qn9klBRxVsJMHolsi2eBGR4aML4ghMfeD+DrMDSl5nWB3t\/K5Rz2vtzsqVvYGH0fZYQiit53gj6vP2hRbE0yO3UPkNpBEVogjAsm5eFjsLAaP0ZZzzOMrnzCiJQAYjOTVkDzZiOo2MwGKWKMlIXfR55yCA5TUPPR6V0HRZsrDK2l2G+6gzqDhIjqHbbSh9Mv77SdkkVNOUReABLpmnCFMwIuSy9nDEMQu7e65QyOF+NjUXziwKhrjnnJRY86s9znQCVnoPwAJ0m29NgBgpEN+9E19YVr3gF7esaT1ji4B10iyBf5c\/sJfg5vGTVg55+cxCbhI98aL2tYPM5kVyTpqgOlYRqnsMRfHPsinjRDh8+F+P0S5lhyLhG726D9NA5OQPW4cmRlbMrTiYPjcIRULbwVi5g\/NhRbX0rdr5mxRTcAGTp0WViThvS+0xXBiJtThFC5qIVMhS7ARjFwxTrtZNKOqapuPebbAbjMiTaX3UKD8DpFKbCouo5jaur0Y77zYiW3BcpU0K6hxkxrjqKblLAW1F4\/5zq+COo+NpOhgyLk8iw5Gla3a8V5hp3zZ0rXalprx16P2BcHZbPW3E+8AMADAAAQAAADwBCAEAAwoDAQAB0FTcKPFQrDtJ5jNrtzHKr9eDfOdVCwzO4X9R4tqKA65u0keHGEv6bXb0jFCRMqjwlEhdwpcP5pWLO2KaXz7wE8JcU09+0Wl0ULMFE0YeP9xrWD8WVyTq\/lq9p8H+EaptYpjYsQYpvmS1hYaPwkHSasoaoNlU\/KJ4LR1hW\/TaI5o69SF2XtC2BXJtHdXqAeWGgbQHEb4ZuNSn43I8KVu4w4jB+VtUYHn3jo\/JAZCCcY1fYvUwe6Y5pgL8PdSfLNBk0yaqPzkbAM0\/AR4N8urrCbUFR\/HszDBwRW47YHRiZTKI+JJ9SgZPCbY\/WcY0yGViKPdtj1W\/LEKo9CcrSzlOvcAMAC4AAQAAADwCHwAwCgIAAAA8XSexsF0AI8Ezewh3ZWJlcmxhYgJkZQDDZMohasNCzdZy+qXT+i9EuX\/inlaoHckoPQ6pZUM55HOKiXWwbCF2bgR2vTatltfgdQMYsjHLb9y8\/8K16x1bINo7jHhPhiQ3mZPnhRDbC819\/mg\/DAJlEfo4\/PIHroaOXHkEsxclA3Sfl5XzqMY8dIIjCMSIRohmpz3ajd1g8Q5nPhvruiTi3rbkkaFuvAu6JBazSxvplBTGRsLiwD\/keT1H0ch7BVc1oZ6xmkqy68vIsD63Fj1r1Prt7pmrCHTCuE
gsO78D9dCQuWCLkJQxGUVXJj5CI3Hv7xFFgpu2WdK7EiEBH5rHphjb8hJPFep1cggzgdSO7gr4PL16UQJ4paFWEovlSSSKN6CqV0KlzY5UKpoC4bOcRMiiujkcgLRcJzDNjTcP59699eiRBYcnSUNu7NR\/AQOsLe1gcGBMYVI28uXABijFJJPUYQFFRKKQYYy7U8augfodJClNM+5PjDrN7VUaoyW\/CtbFigLZaje\/SbLFkod9oTkuhnetL7fyEnlGfxKmEZ218qPcsKDJRrRyymc+WdZ+tPcZvQXr6AVS7RZSoUTV\/+5dVd2kWuuF2w5rsnAIOU3wwIEPhsTwq9njhb9Bp9jOMH3FFbo4srNvY4pocOs9Lic1Os813bu7VyQz3Nrv\/xfPOPvvG\/\/ufcPEO13FnB7dwg\/ymTeeu8NjAC4AAQAAADwBHwAwCgIAAAA8XSexsF0AI8GQRwh3"}
01046{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1560869900222469,"flow_src_last_pkt_time":1560869905222619,"flow_dst_last_pkt_time":1560869905232984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":1424,"midstream":0,"thread_ts_usec":1560869905232984,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}}
00214{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":334,"global_ts_usec":1560869905233034}
00314{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1560869905233034,"packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":334,"global_ts_usec":1560869905233034}
00779{"packet_event_id":1,"packet_event_name":"packet","packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":368,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":368,"pkt_l4_len":0,"thread_ts_usec":1560869905232984,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyATosPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAFmAAABpplYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRNeoUG2ZbhJAUMEBAu7geapxJ7U1z+UqhkFSi8Qu6jROnMih5xzmixXOjO2RiHT8eMzQMHqilreexmdz+7rH4jCggpAg2YenRMzpvhrf0+OEWUNhwq6dNYVlNWg1Yf1oxCRsZ6Xiq2pemle4KOkgobWECgdELaMnIZKUJ0WtpAZJuCbAIPvak3YgHcNPR4Sbx1lKRTPW6QxjFsHJ5X\/B6mNMVtqG97wzaO\/ugVwH81Qt2Llpj5Wb873AtMbd7OQYLwhJ7fhxJ9xNJn6SlVRp6C+1P2Wyu\/7U0mgP+sAACkQAAAAgAAAHAAKABjxbObmL31GXCozdz5dCPwRZU4FwINgbJY="}
00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869910534637,"flow_src_last_pkt_time":1560869910534637,"flow_dst_last_pkt_time":1560869910534637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869910534637,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1560869910534637,"flow_dst_last_pkt_time":1560869910534637,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1560869910534637,"pkt":"CFsOoYNeAAwpfKTLCABFAABQVdgAAEARt8DC9wUGwRjj7spPADUAPG1Sic4BIAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAADAAKAAgdxATcWA6WbA=="}
00997{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869910534637,"flow_src_last_pkt_time":1560869910534637,"flow_dst_last_pkt_time":1560869910534637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869910534637,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
02498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1560869910534637,"flow_dst_last_pkt_time":1560869910547607,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1560869910547607,"pkt":"AAwpfKTLCFsOoYNeCABFAAXc3KUgAEARC2fBGOPuwvcFBgA1yk8Gysn4ic6FAAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdJ7GwXQAjwTN7CHdlYmVybGFiAmRlAMNkyiFqw0LN1nL6pdP6L0S5f+KeVqgdySg9DqllQznkc4qJdbBsIXZuBHa9Nq2W1+B1AxiyMctv3Lz\/wrXrHVsg2juMeE+GJDeZk+eFENsLzX3+aD8MAmUR+jj88geuho5ceQSzFyUDdJ+XlfOoxjx0giMIxIhGiGanPdqN3WDxDmc+G+u6JOLetuSRoW68C7okFrNLG+mUFMZGwuLAP+R5PUfRyHsFVzWhnrGaSrLry8iwPrcWPWvU+u3umasIdMK4SCw7vwP10JC5YIuQlDEZRVcmPkIjce\/vEUWCm7ZZ0
rsSIQEfmsemGNvyEk8V6nVyCDOB1I7uCvg8vXpRAniloVYSi+VJJIo3oKpXQqXNjlQqmgLhs5xEyKK6ORyAtFwnMM2NNw\/n3r316JEFhydJQ27s1H8BA6wt7WBwYExhUjby5cAGKMUkk9RhAUVEopBhjLtTxq6B+h0kKU0z7k+MOs3tVRqjJb8K1sWKAtlqN79JssWSh32hOS6Gd60vt\/ISeUZ\/EqYRnbXyo9ywoMlGtHLKZz5Z1n609xm9BevoBVLtFlKhRNX\/7l1V3aRa64XbDmuycAg5TfDAgQ+GxPCr2eOFv0Gn2M4wfcUVujiys29jimhw6z0uJzU6zzXdu7tXJDPc2u\/\/F884++8b\/+59w8Q7XcWcHt3CD\/KZN567w2MALgABAAAAPAEfADAKAgAAADxdJ7GwXQAjwZBHCHdlYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRM="}
01012{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869910534637,"flow_src_last_pkt_time":1560869910534637,"flow_dst_last_pkt_time":1560869910547607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1560869910547607,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}}
00213{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":258,"global_ts_usec":1560869910547645}
00313{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1560869910547645,"packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":258,"global_ts_usec":1560869910547645}
00680{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":292,"pkt_l4_len":0,"thread_ts_usec":1560869910547607,"pkt":"AAwpfKTLCFsOoYNeCABFAAEW3KUAuUARL3TBGOPuwvcFBl6hQbZluEkBQwQEC7uB5qnEntTXP5SqGQVKLxC7qNE6cyKHnHOaLFc6M7ZGIdPx4zNAweqKWt57GZ3P7usfiMKCCkCDZh6dEzOm+Gt\/T44RZQ2HCrp01hWU1aDVh\/WjEJGxnpeKral6aV7go6SChtYQKB0QtoychkpQnRa2kBkm4JsAg+9qTdiAdw09HhJvHWUpFM9bpDGMWwcnlf8HqY0xW2ob3vDNo7+6BXAfzVC3YuWmPlZvzvcC0xt3s5BgvCEnt+HEn3E0mfpKVVGnoL7U\/ZbK7\/tTSaA\/6wAAKRAAAACAAAAcAAoAGB3EBNxYDpZslD4VVl0I\/BakNFp6chM\/YQ=="}
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869913732416,"flow_src_last_pkt_time":1560869913732416,"flow_dst_last_pkt_time":1560869913732416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869913732416,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1560869913732416,"flow_dst_last_pkt_time":1560869913732416,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1560869913732416,"pkt":"CFsOoYNeAAwpfKTLht1gCfvPADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER7IYANQA07tw\/fwEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAEAACkCAAAAAAAAAA=="}
@@ -158,6 +158,6 @@
~~ total memory freed........: 6072901 bytes
~~ total allocations/frees...: 121777/121777
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 217 chars
~~ json string min len.......: 317 chars
~~ json string max len.......: 2505 chars
~~ json string avg len.......: 1361 chars
~~ json string avg len.......: 1411 chars


@@ -6,12 +6,12 @@
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946735705348955,"flow_src_last_pkt_time":946735705348955,"flow_dst_last_pkt_time":946735705348955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946735705348955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946735705348955,"flow_dst_last_pkt_time":946735705348955,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946735705348955,"pkt":"REREREREZmZmZmZmCABFAAXcCgAgAL0Rk+4KAAABlTjkLbKaAbsGBGxVf0QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946735705348955,"flow_src_last_pkt_time":946735705348955,"flow_dst_last_pkt_time":946735705348955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946735705348955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00226{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946735705348966}
00325{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946735705348966,"packet_id":3,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946735705348966}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946735705348955,"pkt":"REREREREZmZmZmZmCABFAABQCgAAub0RuMEKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946735705348987,"flow_src_last_pkt_time":946735705348987,"flow_dst_last_pkt_time":946735705348987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946735705348987,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":946735705348987,"flow_dst_last_pkt_time":946735705348987,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946735705348987,"pkt":"REREREREZmZmZmZmCABFAAXcCgEgAL0Rk+0KAAABlTjkLYqnAbsGBJRGf0YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946735705348987,"flow_src_last_pkt_time":946735705348987,"flow_dst_last_pkt_time":946735705348987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946735705348987,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00226{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946735705348993}
00325{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946735705348993,"packet_id":5,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946735705348993}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946735705348987,"pkt":"REREREREZmZmZmZmCABFAABQCgEAub0RuMAKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946735705349002,"flow_src_last_pkt_time":946735705349002,"flow_dst_last_pkt_time":946735705349002,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946735705349002,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01197{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":946735705349002,"flow_dst_last_pkt_time":946735705349002,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946735705349002,"pkt":"REREREREZmZmZmZmCABFAAIcCgJAAL0Rd6wKAAABlTjkLYMdAbsCCDw8f0UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -19,7 +19,7 @@
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946735705349019,"flow_src_last_pkt_time":946735705349019,"flow_dst_last_pkt_time":946735705349019,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946735705349019,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":946735705349019,"flow_dst_last_pkt_time":946735705349019,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946735705349019,"pkt":"REREREREZmZmZmZmCABFAAXcCgMgAL0Rk+sKAAABlTjkLYmcAbsGBJVVf0IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946735705349019,"flow_src_last_pkt_time":946735705349019,"flow_dst_last_pkt_time":946735705349019,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946735705349019,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00226{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946735705349026}
00325{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946735705349026,"packet_id":8,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946735705349026}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946735705349019,"pkt":"REREREREZmZmZmZmCABFAABQCgMAub0RuL4KAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946735705349060,"flow_src_last_pkt_time":946735705349060,"flow_dst_last_pkt_time":946735705349060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946735705349060,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01197{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":946735705349060,"flow_dst_last_pkt_time":946735705349060,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946735705349060,"pkt":"REREREREZmZmZmZmCABFAAIcCgRAAL0Rd6oKAAABlTjkLeuNAbsCCDw8f0MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -43,17 +43,17 @@
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299327323,"flow_src_last_pkt_time":946739299327323,"flow_dst_last_pkt_time":946739299327323,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739299327323,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":946739299327323,"flow_dst_last_pkt_time":946739299327323,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739299327323,"pkt":"REREREREZmZmZmZmCABFAAXcFy0gAL0RDQ4KAAABPtK0R6rkBB0GBCq4ByYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299327323,"flow_src_last_pkt_time":946739299327323,"flow_dst_last_pkt_time":946739299327323,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739299327323,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":20,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739299327335}
00326{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739299327335,"packet_id":20,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739299327335}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":20,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739299327323,"pkt":"REREREREZmZmZmZmCABFAABQFy0Aub0RMeEKAAABPtK0RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299327384,"flow_src_last_pkt_time":946739299327384,"flow_dst_last_pkt_time":946739299327384,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739299327384,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":946739299327384,"flow_dst_last_pkt_time":946739299327384,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739299327384,"pkt":"REREREREZmZmZmZmCABFAAXcFy4gAL0RDQ0KAAABPtK0R+AzBB0GBPVqByQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299327384,"flow_src_last_pkt_time":946739299327384,"flow_dst_last_pkt_time":946739299327384,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739299327384,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":22,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739299327399}
00326{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739299327399,"packet_id":22,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739299327399}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739299327384,"pkt":"REREREREZmZmZmZmCABFAABQFy4Aub0RMeAKAAABPtK0RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299327408,"flow_src_last_pkt_time":946739299327408,"flow_dst_last_pkt_time":946739299327408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739299327408,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":946739299327408,"flow_dst_last_pkt_time":946739299327408,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739299327408,"pkt":"REREREREZmZmZmZmCABFAAXcFy8gAL0RDQwKAAABPtK0R9AzBB0GBAVtByIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299327408,"flow_src_last_pkt_time":946739299327408,"flow_dst_last_pkt_time":946739299327408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739299327408,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":24,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739299327438}
00326{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739299327438,"packet_id":24,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739299327438}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739299327408,"pkt":"REREREREZmZmZmZmCABFAABQFy8Aub0RMd8KAAABPtK0RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":946739299327173,"flow_dst_last_pkt_time":946739299355250,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":946739299355250,"pkt":"ZmZmZmZmRERERERECABFAADWguYAADURTls+0rRHCgAAAQQdxzwAwvgJByeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAD603DX03HFYUGSUUMZQ5AFHqQDCbcRbndp5mF3SVu19eScXuGrpg2nLc5WDzV06y+FJw+Dah4cv34QVXrvZ7Q8nY1y4iPNLnPDmhCiX6M9Qv8kZOhpPDs+tmijF9ICJLydjXLiI80ucXop2NF6KdjRga6m0"}
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":946739299327201,"flow_dst_last_pkt_time":946739299356160,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":946739299356160,"pkt":"ZmZmZmZmRERERERECABFAADWguUAADQRT1w+0rRHCgAAAQQdzZwAwvGtByOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAD603DX03HFYUGSUUMZQ5AFHqQDCbcRbndp5mF3SVu19eScXuGrpg2nLc5WDzV06y+FJw+Dah4cv34QVXrvZ7Q8nY1y4iPNLnPDmhCiX6M9Qv8kZOhpPDs+tmijF9ICJLydjXLiI80ucXop2NF6KdjRga6m0"}
@@ -63,12 +63,12 @@
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304328460,"flow_src_last_pkt_time":946739304328460,"flow_dst_last_pkt_time":946739304328460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304328460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01199{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":946739304328460,"flow_dst_last_pkt_time":946739304328460,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739304328460,"pkt":"REREREREZmZmZmZmCABFAAIcHPpAAL0RYFwKAAABuYbEN5IlIPsCCECUfx8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00881{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304328460,"flow_src_last_pkt_time":946739304328460,"flow_dst_last_pkt_time":946739304328460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304328460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":29,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304328481}
00326{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739304328481,"packet_id":29,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304328481}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":29,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739304328460,"pkt":"REREREREZmZmZmZmCABFAABQHPkAub0RoXAKAAABuYbENwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304328494,"flow_src_last_pkt_time":946739304328494,"flow_dst_last_pkt_time":946739304328494,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304328494,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":946739304328494,"flow_dst_last_pkt_time":946739304328494,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739304328494,"pkt":"REREREREZmZmZmZmCABFAAXcHPsgAL0RfJsKAAABuYbEN4i9IPsGBFEJfxwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304328494,"flow_src_last_pkt_time":946739304328494,"flow_dst_last_pkt_time":946739304328494,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304328494,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":31,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304328516}
00326{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739304328516,"packet_id":31,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304328516}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":31,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739304328494,"pkt":"REREREREZmZmZmZmCABFAABQHPsAub0RoW4KAAABuYbENwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304328530,"flow_src_last_pkt_time":946739304328530,"flow_dst_last_pkt_time":946739304328530,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304328530,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01199{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":946739304328530,"flow_dst_last_pkt_time":946739304328530,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739304328530,"pkt":"REREREREZmZmZmZmCABFAAIcHPxAAL0RYFoKAAABuYbEN+gNIPsCCECUfx0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -79,7 +79,7 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304328639,"flow_src_last_pkt_time":946739304328639,"flow_dst_last_pkt_time":946739304328639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304328639,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":946739304328639,"flow_dst_last_pkt_time":946739304328639,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739304328639,"pkt":"REREREREZmZmZmZmCABFAAXcHP4gAL0RfJgKAAABuYbEN9dTIPsGBAJxfx4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304328639,"flow_src_last_pkt_time":946739304328639,"flow_dst_last_pkt_time":946739304328639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304328639,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304328653}
00326{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739304328653,"packet_id":35,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304328653}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739304328639,"pkt":"REREREREZmZmZmZmCABFAABQHP4Aub0RoWsKAAABuYbENwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":946739304328621,"flow_dst_last_pkt_time":946739304360382,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":946739304360382,"pkt":"ZmZmZmZmRERERERECABFAADWmUJAADQRblq5hsQ3CgAAASD7xQMAwuTIfxuAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":946739304328460,"flow_dst_last_pkt_time":946739304361228,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":946739304361228,"pkt":"ZmZmZmZmRERERERECABFAADWmUFAADQRblu5hsQ3CgAAASD7kiUAwhejfx+AAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
@@ -91,7 +91,7 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304363260,"flow_src_last_pkt_time":946739304363260,"flow_dst_last_pkt_time":946739304363260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304363260,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":946739304363260,"flow_dst_last_pkt_time":946739304363260,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739304363260,"pkt":"REREREREZmZmZmZmCABFAAXcylIgAL0RKVMKAAABaO66wN6lAbsGBMqkZFUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304363260,"flow_src_last_pkt_time":946739304363260,"flow_dst_last_pkt_time":946739304363260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304363260,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":42,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304363265}
00326{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739304363265,"packet_id":42,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304363265}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739304363260,"pkt":"REREREREZmZmZmZmCABFAABQylIAub0RTiYKAAABaO66wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304363274,"flow_src_last_pkt_time":946739304363274,"flow_dst_last_pkt_time":946739304363274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304363274,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01199{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":946739304363274,"flow_dst_last_pkt_time":946739304363274,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739304363274,"pkt":"REREREREZmZmZmZmCABFAAIcylNAAL0RDRIKAAABaO66wJrnAbsCCOaEZFYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -105,9 +105,9 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304363284,"flow_src_last_pkt_time":946739304363284,"flow_dst_last_pkt_time":946739304363284,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304363284,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":946739304363284,"flow_dst_last_pkt_time":946739304363284,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739304363284,"pkt":"REREREREZmZmZmZmCABFAAXcylQgAL0RKVEKAAABaO66wK3LAbsGBPuAZFMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304363284,"flow_src_last_pkt_time":946739304363284,"flow_dst_last_pkt_time":946739304363284,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304363284,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":47,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304363288}
00326{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739304363288,"packet_id":47,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304363288}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":47,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739304363284,"pkt":"REREREREZmZmZmZmCABFAABQylQAub0RTiQKAAABaO66wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":48,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304363289}
00326{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739304363289,"packet_id":48,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304363289}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":48,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739304363284,"pkt":"REREREREZmZmZmZmCABFAABQylYAub0RTiIKAAABaO66wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":946739304328530,"flow_dst_last_pkt_time":946739304367875,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":946739304367875,"pkt":"ZmZmZmZmRERERERECABFAADWmUVAADQRble5hsQ3CgAAASD76A0AwsG8fx2AAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":946739304328639,"flow_dst_last_pkt_time":946739304369837,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":946739304369837,"pkt":"ZmZmZmZmRERERERECABFAADWmUZAADQRbla5hsQ3CgAAASD711MAwtJ1fx6AAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
@@ -123,12 +123,12 @@
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304599740,"flow_src_last_pkt_time":946739304599740,"flow_dst_last_pkt_time":946739304599740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304599740,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":946739304599740,"flow_dst_last_pkt_time":946739304599740,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739304599740,"pkt":"REREREREZmZmZmZmCABFAAXcZhQgAL0R7isKAAAB0frxGdrjAbsGBM5Z8VQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304599740,"flow_src_last_pkt_time":946739304599740,"flow_dst_last_pkt_time":946739304599740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304599740,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":59,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304599754}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739304599754,"packet_id":59,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304599754}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739304599740,"pkt":"REREREREZmZmZmZmCABFAABQZhQAub0REv8KAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304599762,"flow_src_last_pkt_time":946739304599762,"flow_dst_last_pkt_time":946739304599762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304599762,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":946739304599762,"flow_dst_last_pkt_time":946739304599762,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739304599762,"pkt":"REREREREZmZmZmZmCABFAAXcZhUgAL0R7ioKAAAB0frxGZEDAbsGBBg48VYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304599762,"flow_src_last_pkt_time":946739304599762,"flow_dst_last_pkt_time":946739304599762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304599762,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":61,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304599775}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739304599775,"packet_id":61,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304599775}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":61,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739304599762,"pkt":"REREREREZmZmZmZmCABFAABQZhUAub0REv4KAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304599857,"flow_src_last_pkt_time":946739304599857,"flow_dst_last_pkt_time":946739304599857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304599857,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01199{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":946739304599857,"flow_dst_last_pkt_time":946739304599857,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739304599857,"pkt":"REREREREZmZmZmZmCABFAAIcZhZAAL0R0ekKAAAB0frxGZQ+AbsCCIXq8VUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -139,7 +139,7 @@
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304599889,"flow_src_last_pkt_time":946739304599889,"flow_dst_last_pkt_time":946739304599889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304599889,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":946739304599889,"flow_dst_last_pkt_time":946739304599889,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739304599889,"pkt":"REREREREZmZmZmZmCABFAAXcZhggAL0R7icKAAAB0frxGefnAbsGBMFR8VgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304599889,"flow_src_last_pkt_time":946739304599889,"flow_dst_last_pkt_time":946739304599889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304599889,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":65,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304599904}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739304599904,"packet_id":65,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304599904}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":65,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739304599889,"pkt":"REREREREZmZmZmZmCABFAABQZhgAub0REvsKAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":946739304599728,"flow_dst_last_pkt_time":946739304626301,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_usec":946739304626301,"pkt":"ZmZmZmZmRERERERECABFAADPni1AADcRISDR+vEZCgAAAQG7gBkAu2Pi8VmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":946739304599740,"flow_dst_last_pkt_time":946739304626439,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_usec":946739304626439,"pkt":"ZmZmZmZmRERERERECABFAADPni5AADcRIR\/R+vEZCgAAAQG72uMAuwkd8VSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
@@ -151,9 +151,9 @@
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304628383,"flow_src_last_pkt_time":946739304628383,"flow_dst_last_pkt_time":946739304628383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304628383,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":946739304628383,"flow_dst_last_pkt_time":946739304628383,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739304628383,"pkt":"REREREREZmZmZmZmCABFAAXcpRogAL0RA94KAAABKU9FDbSVAbsGBIFBBsIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304628383,"flow_src_last_pkt_time":946739304628383,"flow_dst_last_pkt_time":946739304628383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304628383,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":72,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304628389}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739304628389,"packet_id":72,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304628389}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739304628383,"pkt":"REREREREZmZmZmZmCABFAABQpRkAub0RKLIKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":73,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304628405}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739304628405,"packet_id":73,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304628405}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":73,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739304628383,"pkt":"REREREREZmZmZmZmCABFAABQpRoAub0RKLEKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304628422,"flow_src_last_pkt_time":946739304628422,"flow_dst_last_pkt_time":946739304628422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304628422,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":946739304628422,"flow_dst_last_pkt_time":946739304628422,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739304628422,"pkt":"REREREREZmZmZmZmCABFAAXcpRsgAL0RA90KAAABKU9FDdrrAbsGBFrpBsQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -161,7 +161,7 @@
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304628431,"flow_src_last_pkt_time":946739304628431,"flow_dst_last_pkt_time":946739304628431,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304628431,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01199{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":946739304628431,"flow_dst_last_pkt_time":946739304628431,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739304628431,"pkt":"REREREREZmZmZmZmCABFAAIcpRxAAL0R55sKAAABKU9FDZT4AbsCCDEyBsMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00877{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304628431,"flow_src_last_pkt_time":946739304628431,"flow_dst_last_pkt_time":946739304628431,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304628431,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":76,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304628442}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739304628442,"packet_id":76,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304628442}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739304628431,"pkt":"REREREREZmZmZmZmCABFAABQpRsAub0RKLAKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304628531,"flow_src_last_pkt_time":946739304628531,"flow_dst_last_pkt_time":946739304628531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304628531,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01199{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":946739304628531,"flow_dst_last_pkt_time":946739304628531,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739304628531,"pkt":"REREREREZmZmZmZmCABFAAIcpR1AAL0R55oKAAABKU9FDdtxAbsCCDEyBsEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -178,21 +178,17 @@
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304789547,"flow_src_last_pkt_time":946739304789547,"flow_dst_last_pkt_time":946739304789547,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304789547,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":946739304789547,"flow_dst_last_pkt_time":946739304789547,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739304789547,"pkt":"REREREREZmZmZmZmCABFAAXc6z8gAL0RfgsKAAABMw96+pfTAbsGBFECxkYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00882{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304789547,"flow_src_last_pkt_time":946739304789547,"flow_dst_last_pkt_time":946739304789547,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304789547,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":84,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304789570}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739304789570,"packet_id":84,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304789570}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739304789547,"pkt":"REREREREZmZmZmZmCABFAABQ6z8Aub0Rot4KAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304789691,"flow_src_last_pkt_time":946739304789691,"flow_dst_last_pkt_time":946739304789691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304789691,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":946739304789691,"flow_dst_last_pkt_time":946739304789691,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739304789691,"pkt":"REREREREZmZmZmZmCABFAAXc60AgAL0RfgoKAAABMw96+uk9AbsGBP+VxkgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00882{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304789691,"flow_src_last_pkt_time":946739304789691,"flow_dst_last_pkt_time":946739304789691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304789691,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":86,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304789707}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739304789691,"pkt":"REREREREZmZmZmZmCABFAABQ60AAub0Rot0KAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304789731,"flow_src_last_pkt_time":946739304789731,"flow_dst_last_pkt_time":946739304789731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304789731,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01199{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":946739304789731,"flow_dst_last_pkt_time":946739304789731,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739304789731,"pkt":"REREREREZmZmZmZmCABFAAIc60FAAL0RYckKAAABMw96+o88AbsCCHDfxkcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00879{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304789731,"flow_src_last_pkt_time":946739304789731,"flow_dst_last_pkt_time":946739304789731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304789731,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304789776,"flow_src_last_pkt_time":946739304789776,"flow_dst_last_pkt_time":946739304789776,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304789776,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":946739304789776,"flow_dst_last_pkt_time":946739304789776,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739304789776,"pkt":"REREREREZmZmZmZmCABFAAXc60IgAL0RfggKAAABMw96+phfAbsGBFB4xkQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00882{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304789776,"flow_src_last_pkt_time":946739304789776,"flow_dst_last_pkt_time":946739304789776,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304789776,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00227{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":89,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739304789813}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":89,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739304789776,"pkt":"REREREREZmZmZmZmCABFAABQ60IAub0RotsKAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304789862,"flow_src_last_pkt_time":946739304789862,"flow_dst_last_pkt_time":946739304789862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304789862,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01199{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":946739304789862,"flow_dst_last_pkt_time":946739304789862,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739304789862,"pkt":"REREREREZmZmZmZmCABFAAIc60NAAL0RYccKAAABMw96+pXaAbsCCHDfxkUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00879{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304789862,"flow_src_last_pkt_time":946739304789862,"flow_dst_last_pkt_time":946739304789862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739304789862,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -219,18 +215,12 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155235,"flow_src_last_pkt_time":946739305155235,"flow_dst_last_pkt_time":946739305155235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155235,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":946739305155235,"flow_dst_last_pkt_time":946739305155235,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739305155235,"pkt":"REREREREZmZmZmZmCABFAAXcU1YgAL0RcE4KAAABizvIdKpxAbsGBMEKc5QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155235,"flow_src_last_pkt_time":946739305155235,"flow_dst_last_pkt_time":946739305155235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155235,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":106,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739305155243}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":106,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739305155235,"pkt":"REREREREZmZmZmZmCABFAABQU1YAub0RlSEKAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155254,"flow_src_last_pkt_time":946739305155254,"flow_dst_last_pkt_time":946739305155254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155254,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":946739305155254,"flow_dst_last_pkt_time":946739305155254,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739305155254,"pkt":"REREREREZmZmZmZmCABFAAXcU1cgAL0RcE0KAAABizvIdJLbAbsGBNikc5ABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155254,"flow_src_last_pkt_time":946739305155254,"flow_dst_last_pkt_time":946739305155254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155254,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":108,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739305155262}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":108,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739305155254,"pkt":"REREREREZmZmZmZmCABFAABQU1cAub0RlSAKAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155306,"flow_src_last_pkt_time":946739305155306,"flow_dst_last_pkt_time":946739305155306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155306,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":946739305155306,"flow_dst_last_pkt_time":946739305155306,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739305155306,"pkt":"REREREREZmZmZmZmCABFAAXcU1ggAL0RcEwKAAABizvIdOc6AbsGBIRDc5IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155306,"flow_src_last_pkt_time":946739305155306,"flow_dst_last_pkt_time":946739305155306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155306,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":110,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739305155318}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":110,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739305155306,"pkt":"REREREREZmZmZmZmCABFAABQU1gAub0RlR8KAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":946739305155161,"flow_dst_last_pkt_time":946739305187672,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":946739305187672,"pkt":"ZmZmZmZmRERERERECABFAADSF51AADcRFxKLO8h0CgAAAQG76FQAvuw2c5WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":946739305155210,"flow_dst_last_pkt_time":946739305189032,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":946739305189032,"pkt":"ZmZmZmZmRERERERECABFAADSF55AADcRFxGLO8h0CgAAAQG7xJ8Avg\/uc5OBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":946739305155166,"flow_dst_last_pkt_time":946739305189550,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":946739305189550,"pkt":"ZmZmZmZmRERERERECABFAADSF59AADcRFxCLO8h0CgAAAQG7uO0Avhuic5GBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
@@ -244,22 +234,16 @@
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305192615,"flow_src_last_pkt_time":946739305192615,"flow_dst_last_pkt_time":946739305192615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305192615,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":946739305192615,"flow_dst_last_pkt_time":946739305192615,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739305192615,"pkt":"REREREREZmZmZmZmCABFAAIcZY1AAL0RdEwKAAABwx5eHIhFIPsCCOQQMswBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305192615,"flow_src_last_pkt_time":946739305192615,"flow_dst_last_pkt_time":946739305192615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305192615,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":118,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739305192620}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":118,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739305192615,"pkt":"REREREREZmZmZmZmCABFAABQZYwAub0RtWAKAAABwx5eHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305192703,"flow_src_last_pkt_time":946739305192703,"flow_dst_last_pkt_time":946739305192703,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305192703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":946739305192703,"flow_dst_last_pkt_time":946739305192703,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739305192703,"pkt":"REREREREZmZmZmZmCABFAAIcZY5AAL0RdEsKAAABwx5eHKw9IPsCCOQQMsoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305192703,"flow_src_last_pkt_time":946739305192703,"flow_dst_last_pkt_time":946739305192703,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305192703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305192710,"flow_src_last_pkt_time":946739305192710,"flow_dst_last_pkt_time":946739305192710,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305192710,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":946739305192710,"flow_dst_last_pkt_time":946739305192710,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739305192710,"pkt":"REREREREZmZmZmZmCABFAAXcZY8gAL0RkIoKAAABwx5eHNIzIPsGBOBTMskBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305192710,"flow_src_last_pkt_time":946739305192710,"flow_dst_last_pkt_time":946739305192710,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305192710,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":121,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739305192727}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":121,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739305192710,"pkt":"REREREREZmZmZmZmCABFAABQZY8Aub0RtV0KAAABwx5eHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":946739305155254,"flow_dst_last_pkt_time":946739305192746,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":946739305192746,"pkt":"ZmZmZmZmRERERERECABFAADSF6JAADcRFw2LO8h0CgAAAQG7ktsAvkG1c5CBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305192763,"flow_src_last_pkt_time":946739305192763,"flow_dst_last_pkt_time":946739305192763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305192763,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":946739305192763,"flow_dst_last_pkt_time":946739305192763,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739305192763,"pkt":"REREREREZmZmZmZmCABFAAXcZZAgAL0RkIkKAAABwx5eHKz6IPsGBAWJMs0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305192763,"flow_src_last_pkt_time":946739305192763,"flow_dst_last_pkt_time":946739305192763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305192763,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":124,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739305192783}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":124,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739305192763,"pkt":"REREREREZmZmZmZmCABFAABQZZAAub0RtVwKAAABwx5eHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":946739305155306,"flow_dst_last_pkt_time":946739305194519,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":946739305194519,"pkt":"ZmZmZmZmRERERERECABFAADSF6NAADcRFwyLO8h0CgAAAQG75zoAvu1Tc5KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":946739305192615,"flow_dst_last_pkt_time":946739305214011,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":946739305214011,"pkt":"ZmZmZmZmRERERERECABFAADQ+LRAADgRZ3HDHl4cCgAAASD7iEUAvOWBMsyAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":946739305192522,"flow_dst_last_pkt_time":946739305214065,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":946739305214065,"pkt":"ZmZmZmZmRERERERECABFAADQ+LVAADgRZ3DDHl4cCgAAASD7uvkAvLLLMs6AAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"}
@@ -274,10 +258,6 @@
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305219319,"flow_src_last_pkt_time":946739305219319,"flow_dst_last_pkt_time":946739305219319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305219319,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":946739305219319,"flow_dst_last_pkt_time":946739305219319,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739305219319,"pkt":"REREREREZmZmZmZmCABFAAXciBsgAL0RNMUKAAABjgTMb4EvAbsGBA3nAg4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305219319,"flow_src_last_pkt_time":946739305219319,"flow_dst_last_pkt_time":946739305219319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305219319,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":133,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739305219331}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":133,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739305219319,"pkt":"REREREREZmZmZmZmCABFAABQiBwAub0RWZcKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":134,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739305219342}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":134,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739305219319,"pkt":"REREREREZmZmZmZmCABFAABQiBsAub0RWZgKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305219372,"flow_src_last_pkt_time":946739305219372,"flow_dst_last_pkt_time":946739305219372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305219372,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":946739305219372,"flow_dst_last_pkt_time":946739305219372,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739305219372,"pkt":"REREREREZmZmZmZmCABFAAIciB1AAL0RGIMKAAABjgTMb6nxAbsCCB1KAg8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305219372,"flow_src_last_pkt_time":946739305219372,"flow_dst_last_pkt_time":946739305219372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305219372,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -287,8 +267,6 @@
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305219453,"flow_src_last_pkt_time":946739305219453,"flow_dst_last_pkt_time":946739305219453,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305219453,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":946739305219453,"flow_dst_last_pkt_time":946739305219453,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739305219453,"pkt":"REREREREZmZmZmZmCABFAAXciB8gAL0RNMEKAAABjgTMb7cIAbsGBNgLAhABAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305219453,"flow_src_last_pkt_time":946739305219453,"flow_dst_last_pkt_time":946739305219453,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305219453,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":138,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739305219467}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":138,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739305219453,"pkt":"REREREREZmZmZmZmCABFAABQiB8Aub0RWZQKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":946739305192710,"flow_dst_last_pkt_time":946739305220178,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":946739305220178,"pkt":"ZmZmZmZmRERERERECABFAADQ+LhAADgRZ23DHl4cCgAAASD70jMAvJuWMsmAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":946739305192763,"flow_dst_last_pkt_time":946739305220691,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":946739305220691,"pkt":"ZmZmZmZmRERERERECABFAADQ+LlAADgRZ2zDHl4cCgAAASD7rPoAvMDLMs2AAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":946739305219398,"flow_dst_last_pkt_time":946739305326235,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":946739305326235,"pkt":"ZmZmZmZmRERERERECABFAADWg00AADQR55mOBMxvCgAAAQG7zDwAwg0OAg2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
@@ -300,21 +278,15 @@
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305327882,"flow_src_last_pkt_time":946739305327882,"flow_dst_last_pkt_time":946739305327882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305327882,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":946739305327882,"flow_dst_last_pkt_time":946739305327882,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739305327882,"pkt":"REREREREZmZmZmZmCABFAAXcwI4gAL0RUUsKAAABlXBwCpxJIPsGBPr0a\/0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305327882,"flow_src_last_pkt_time":946739305327882,"flow_dst_last_pkt_time":946739305327882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305327882,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":146,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739305327899}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":146,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739305327882,"pkt":"REREREREZmZmZmZmCABFAABQwI4Aub0Rdh4KAAABlXBwCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305327955,"flow_src_last_pkt_time":946739305327955,"flow_dst_last_pkt_time":946739305327955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305327955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":946739305327955,"flow_dst_last_pkt_time":946739305327955,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739305327955,"pkt":"REREREREZmZmZmZmCABFAAXcwI8gAL0RUUoKAAABlXBwCtrWIPsGBLxpa\/sBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305327955,"flow_src_last_pkt_time":946739305327955,"flow_dst_last_pkt_time":946739305327955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305327955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":148,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739305327973}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":148,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739305327955,"pkt":"REREREREZmZmZmZmCABFAABQwI8Aub0Rdh0KAAABlXBwCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305327975,"flow_src_last_pkt_time":946739305327975,"flow_dst_last_pkt_time":946739305327975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305327975,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":946739305327975,"flow_dst_last_pkt_time":946739305327975,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739305327975,"pkt":"REREREREZmZmZmZmCABFAAXcwJEgAL0RUUgKAAABlXBwCqZKIPsGBPDxa\/8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305327975,"flow_src_last_pkt_time":946739305327975,"flow_dst_last_pkt_time":946739305327975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305327975,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305327975,"flow_src_last_pkt_time":946739305327975,"flow_dst_last_pkt_time":946739305327975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305327975,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":946739305327975,"flow_dst_last_pkt_time":946739305327975,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739305327975,"pkt":"REREREREZmZmZmZmCABFAAIcwJBAAL0RNQkKAAABlXBwCuB5IPsCCMhQa\/4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00882{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305327975,"flow_src_last_pkt_time":946739305327975,"flow_dst_last_pkt_time":946739305327975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305327975,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":151,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739305327986}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":151,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739305327975,"pkt":"REREREREZmZmZmZmCABFAABQwJEAub0RdhsKAAABlXBwCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305328010,"flow_src_last_pkt_time":946739305328010,"flow_dst_last_pkt_time":946739305328010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305328010,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":946739305328010,"flow_dst_last_pkt_time":946739305328010,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739305328010,"pkt":"REREREREZmZmZmZmCABFAAIcwJJAAL0RNQcKAAABlXBwCti6IPsCCMhQa\/wBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00882{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305328010,"flow_src_last_pkt_time":946739305328010,"flow_dst_last_pkt_time":946739305328010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305328010,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -324,15 +296,9 @@
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":946739305327882,"flow_dst_last_pkt_time":946739305348735,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":946739305348735,"pkt":"ZmZmZmZmRERERERECABFAABHTCJAADsRLU2VcHAKCgAAASD7nEkAM5Mra\/2AAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
01199{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":946739305348929,"flow_dst_last_pkt_time":946735705453738,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739305348929,"pkt":"REREREREZmZmZmZmCABFAAIcCf9AAL0Rd68KAAABlTjkLZX0AbsCCDw8f0cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":946739305348955,"flow_dst_last_pkt_time":946735705457244,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739305348955,"pkt":"REREREREZmZmZmZmCABFAAXcCgAgAL0Rk+4KAAABlTjkLbKaAbsGBGxVf0QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":159,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739305348966}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":159,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739305348955,"pkt":"REREREREZmZmZmZmCABFAABQCgAAub0RuMEKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":946739305348987,"flow_dst_last_pkt_time":946735705460564,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739305348987,"pkt":"REREREREZmZmZmZmCABFAAXcCgEgAL0Rk+0KAAABlTjkLYqnAbsGBJRGf0YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":161,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739305348993}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":161,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739305348987,"pkt":"REREREREZmZmZmZmCABFAABQCgEAub0RuMAKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01199{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":946739305349002,"flow_dst_last_pkt_time":946735705461257,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739305349002,"pkt":"REREREREZmZmZmZmCABFAAIcCgJAAL0Rd6wKAAABlTjkLYMdAbsCCDw8f0UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":946739305349019,"flow_dst_last_pkt_time":946735705459813,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739305349019,"pkt":"REREREREZmZmZmZmCABFAAXcCgMgAL0Rk+sKAAABlTjkLYmcAbsGBJVVf0IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":164,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739305349026}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":164,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739305349019,"pkt":"REREREREZmZmZmZmCABFAABQCgMAub0RuL4KAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":946739305327834,"flow_dst_last_pkt_time":946739305349030,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":946739305349030,"pkt":"ZmZmZmZmRERERERECABFAABHIUUAADsRmCqVcHAKCgAAASD7w3MAM2v+bACAAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
01199{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":946739305349060,"flow_dst_last_pkt_time":946735705457124,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739305349060,"pkt":"REREREREZmZmZmZmCABFAAIcCgRAAL0Rd6oKAAABlTjkLeuNAbsCCDw8f0MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":946739305327975,"flow_dst_last_pkt_time":946739305350183,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":946739305350183,"pkt":"ZmZmZmZmRERERERECABFAABHTCRAADsRLUuVcHAKCgAAASD7pkoAM4koa\/+AAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
@@ -345,13 +311,9 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739306241775,"flow_src_last_pkt_time":946739306241775,"flow_dst_last_pkt_time":946739306241775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739306241775,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":946739306241775,"flow_dst_last_pkt_time":946739306241775,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739306241775,"pkt":"REREREREZmZmZmZmCABFAAXc+mAgAL0REzsKAAABrGhdUMbhBaMGBCsUtDYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739306241775,"flow_src_last_pkt_time":946739306241775,"flow_dst_last_pkt_time":946739306241775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739306241775,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":179,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739306241786}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":179,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739306241775,"pkt":"REREREREZmZmZmZmCABFAABQ+mAAub0ROA4KAAABrGhdUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739306241796,"flow_src_last_pkt_time":946739306241796,"flow_dst_last_pkt_time":946739306241796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739306241796,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":946739306241796,"flow_dst_last_pkt_time":946739306241796,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739306241796,"pkt":"REREREREZmZmZmZmCABFAAXc+mEgAL0REzoKAAABrGhdUKNIBaMGBE6vtDQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739306241796,"flow_src_last_pkt_time":946739306241796,"flow_dst_last_pkt_time":946739306241796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739306241796,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":181,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739306241823}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":181,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739306241796,"pkt":"REREREREZmZmZmZmCABFAABQ+mEAub0ROA0KAAABrGhdUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739306241870,"flow_src_last_pkt_time":946739306241870,"flow_dst_last_pkt_time":946739306241870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739306241870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":946739306241870,"flow_dst_last_pkt_time":946739306241870,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739306241870,"pkt":"REREREREZmZmZmZmCABFAAIc+mJAAL0R9vgKAAABrGhdUJWLBaMCCMyOtDUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00881{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739306241870,"flow_src_last_pkt_time":946739306241870,"flow_dst_last_pkt_time":946739306241870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739306241870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -361,8 +323,6 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739306241927,"flow_src_last_pkt_time":946739306241927,"flow_dst_last_pkt_time":946739306241927,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739306241927,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":946739306241927,"flow_dst_last_pkt_time":946739306241927,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739306241927,"pkt":"REREREREZmZmZmZmCABFAAXc+mQgAL0REzcKAAABrGhdUN5GBaMGBBOttDgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739306241927,"flow_src_last_pkt_time":946739306241927,"flow_dst_last_pkt_time":946739306241927,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739306241927,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":185,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739306241945}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":185,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739306241927,"pkt":"REREREREZmZmZmZmCABFAABQ+mQAub0ROAoKAAABrGhdUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00948{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":946739306241769,"flow_dst_last_pkt_time":946739306433658,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":361,"pkt_l4_len":327,"thread_ts_usec":946739306433658,"pkt":"ZmZmZmZmRERERERECABFAAFbc7kAADgRQ2SsaF1QCgAAAQWjwWgBRx3ktDmBgAABAAIAAAAAATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABwAwAEAABAAAAAAB9fEROU0MAAgAARetMpee6oZgp6bqFLigcb0SLVmyPyCbHZR6HuGkwY4G1zZ8bDjrU7\/iD1UD40EN1uvlcdqls0BZMl43HwVwZARZAkJHggho4ekmN0Zb884jA2erV10Cju7fjg6Pz8KRbF0CQkeCCGjhfU2UoX1NlKF9UtqjADAAQAAEAAAAAAH18RE5TQwABAACIFa1N+k0s+4iBtwxUZ\/VXDn6QTrqbz7JAjEb6C42munCjxleQqYGFgM5AgV1cY1L\/xiUTddAkkuTfkcOlN9YEFkCQkeCCGjh6SY3RlvzziMDZ6tXXQKO7t+ODo\/PwpFsWQJCR4IIaOF9TZShfU2UoX1S2qA=="}
00949{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":946739306241888,"flow_dst_last_pkt_time":946739306434568,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":361,"pkt_l4_len":327,"thread_ts_usec":946739306434568,"pkt":"ZmZmZmZmRERERERECABFAAFbc70AADgRQ2CsaF1QCgAAAQWj6GEBR\/bstDeBgAABAAIAAAAAATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABwAwAEAABAAAAAAB9fEROU0MAAgAARetMpee6oZgp6bqFLigcb0SLVmyPyCbHZR6HuGkwY4G1zZ8bDjrU7\/iD1UD40EN1uvlcdqls0BZMl43HwVwZARZAkJHggho4ekmN0Zb884jA2erV10Cju7fjg6Pz8KRbF0CQkeCCGjhfU2UoX1NlKF9UtqjADAAQAAEAAAAAAH18RE5TQwABAACIFa1N+k0s+4iBtwxUZ\/VXDn6QTrqbz7JAjEb6C42munCjxleQqYGFgM5AgV1cY1L\/xiUTddAkkuTfkcOlN9YEFkCQkeCCGjh6SY3RlvzziMDZ6tXXQKO7t+ODo\/PwpFsWQJCR4IIaOF9TZShfU2UoX1S2qA=="}
00948{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":946739306241775,"flow_dst_last_pkt_time":946739306434825,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":361,"pkt_l4_len":327,"thread_ts_usec":946739306434825,"pkt":"ZmZmZmZmRERERERECABFAAFbc7oAADgRQ2OsaF1QCgAAAQWjxuEBRxhutDaBgAABAAIAAAAAATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABwAwAEAABAAAAAAB9fEROU0MAAgAARetMpee6oZgp6bqFLigcb0SLVmyPyCbHZR6HuGkwY4G1zZ8bDjrU7\/iD1UD40EN1uvlcdqls0BZMl43HwVwZARZAkJHggho4ekmN0Zb884jA2erV10Cju7fjg6Pz8KRbF0CQkeCCGjhfU2UoX1NlKF9UtqjADAAQAAEAAAAAAH18RE5TQwABAACIFa1N+k0s+4iBtwxUZ\/VXDn6QTrqbz7JAjEb6C42munCjxleQqYGFgM5AgV1cY1L\/xiUTddAkkuTfkcOlN9YEFkCQkeCCGjh6SY3RlvzziMDZ6tXXQKO7t+ODo\/PwpFsWQJCR4IIaOF9TZShfU2UoX1S2qA=="}
@@ -390,15 +350,9 @@
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311153527,"flow_src_last_pkt_time":946739311153527,"flow_dst_last_pkt_time":946739311153527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311153527,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":946739311153527,"flow_dst_last_pkt_time":946739311153527,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739311153527,"pkt":"REREREREZmZmZmZmCABFAAXctEYgAL0RIOAKAAABzbl0dJWGAikGBDIonSYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311153527,"flow_src_last_pkt_time":946739311153527,"flow_dst_last_pkt_time":946739311153527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311153527,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":197,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739311153537}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":197,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739311153527,"pkt":"REREREREZmZmZmZmCABFAABQtEUAub0RRbQKAAABzbl0dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":198,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739311153540}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":198,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739311153527,"pkt":"REREREREZmZmZmZmCABFAABQtEYAub0RRbMKAAABzbl0dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311153654,"flow_src_last_pkt_time":946739311153654,"flow_dst_last_pkt_time":946739311153654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311153654,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":946739311153654,"flow_dst_last_pkt_time":946739311153654,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739311153654,"pkt":"REREREREZmZmZmZmCABFAAXctEcgAL0RIN8KAAABzbl0dNoOAikGBO2dnSgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311153654,"flow_src_last_pkt_time":946739311153654,"flow_dst_last_pkt_time":946739311153654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311153654,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":200,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739311153670}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":200,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739311153654,"pkt":"REREREREZmZmZmZmCABFAABQtEcAub0RRbIKAAABzbl0dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_src_last_pkt_time":946739311153446,"flow_dst_last_pkt_time":946739311306630,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":946739311306630,"pkt":"ZmZmZmZmRERERERECABFAADShQAAADIRADHNuXR0CgAAAQIpqggAvpKvnSmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAn\/hr1LBKsWo8ISWGing3CJIxyJebVH0i+FiEft0kNqLwa8d8MG0HYasP8XBuGRRYuXbJWON+8OmftD\/GOCqkDQBv6De0v2\/+w89vsWNxuh1o1S9D9qyf\/kIslLiOA5h7AG\/oN7S\/b\/5fU2VhX1NlYV9UtuE="}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":946739311153426,"flow_dst_last_pkt_time":946739311308261,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":946739311308261,"pkt":"ZmZmZmZmRERERERECABFAADShP8AADIRADLNuXR0CgAAAQIpl98AvqTWnSuBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAn\/hr1LBKsWo8ISWGing3CJIxyJebVH0i+FiEft0kNqLwa8d8MG0HYasP8XBuGRRYuXbJWON+8OmftD\/GOCqkDQBv6De0v2\/+w89vsWNxuh1o1S9D9qyf\/kIslLiOA5h7AG\/oN7S\/b\/5fU2VhX1NlYV9UtuE="}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":946739311153416,"flow_dst_last_pkt_time":946739311310248,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":946739311310248,"pkt":"ZmZmZmZmRERERERECABFAADShQEAADIRADDNuXR0CgAAAQIplc0AvqbsnSeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAn\/hr1LBKsWo8ISWGing3CJIxyJebVH0i+FiEft0kNqLwa8d8MG0HYasP8XBuGRRYuXbJWON+8OmftD\/GOCqkDQBv6De0v2\/+w89vsWNxuh1o1S9D9qyf\/kIslLiOA5h7AG\/oN7S\/b\/5fU2VhX1NlYV9UtuE="}
@@ -414,21 +368,15 @@
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802400,"flow_src_last_pkt_time":946739311802400,"flow_dst_last_pkt_time":946739311802400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802400,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":946739311802400,"flow_dst_last_pkt_time":946739311802400,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739311802400,"pkt":"REREREREZmZmZmZmCABFAAIcgvBAAL0RWGEKAAABNEHrgc6vAbsCCOKYCnEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802400,"flow_src_last_pkt_time":946739311802400,"flow_dst_last_pkt_time":946739311802400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802400,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":210,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739311802405}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":210,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739311802400,"pkt":"REREREREZmZmZmZmCABFAABQgu8Aub0RmXUKAAABNEHrgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802444,"flow_src_last_pkt_time":946739311802444,"flow_dst_last_pkt_time":946739311802444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802444,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":946739311802444,"flow_dst_last_pkt_time":946739311802444,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739311802444,"pkt":"REREREREZmZmZmZmCABFAAXcgvEgAL0RdKAKAAABNEHrgbpFAbsGBAozCm4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802444,"flow_src_last_pkt_time":946739311802444,"flow_dst_last_pkt_time":946739311802444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802444,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802455,"flow_src_last_pkt_time":946739311802455,"flow_dst_last_pkt_time":946739311802455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802455,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":946739311802455,"flow_dst_last_pkt_time":946739311802455,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739311802455,"pkt":"REREREREZmZmZmZmCABFAAIcgvJAAL0RWF8KAAABNEHrgdqrAbsCCOKYCm8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802455,"flow_src_last_pkt_time":946739311802455,"flow_dst_last_pkt_time":946739311802455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802455,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":213,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739311802465}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":213,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739311802455,"pkt":"REREREREZmZmZmZmCABFAABQgvEAub0RmXMKAAABNEHrgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802507,"flow_src_last_pkt_time":946739311802507,"flow_dst_last_pkt_time":946739311802507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802507,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":946739311802507,"flow_dst_last_pkt_time":946739311802507,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739311802507,"pkt":"REREREREZmZmZmZmCABFAAXcgvMgAL0RdJ4KAAABNEHrgdhxAbsGBOwCCnIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311802507,"flow_src_last_pkt_time":946739311802507,"flow_dst_last_pkt_time":946739311802507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739311802507,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":215,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739311802526}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":215,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739311802507,"pkt":"REREREREZmZmZmZmCABFAABQgvMAub0RmXEKAAABNEHrgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":946739311802321,"flow_dst_last_pkt_time":946739312102709,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739312102709,"pkt":"ZmZmZmZmRERERERECABFAADUhiJAACkR6nc0QeuBCgAAAQG72hoAwNtICnOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":946739311802400,"flow_dst_last_pkt_time":946739312103356,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739312103356,"pkt":"ZmZmZmZmRERERERECABFAADUhiRAACkR6nU0QeuBCgAAAQG7zq8AwOa1CnGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_src_last_pkt_time":946739311802386,"flow_dst_last_pkt_time":946739312103386,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739312103386,"pkt":"ZmZmZmZmRERERERECABFAADUhiNAACgR63Y0QeuBCgAAAQG7tOkAwAB9CnCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
@@ -437,22 +385,16 @@
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":946739312105460,"flow_dst_last_pkt_time":946739312105460,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739312105460,"pkt":"REREREREZmZmZmZmCABFAAXcRfwgAL0RYAgKAAABMw8+QZecAbsGBGX0xUgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00881{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312105460,"flow_src_last_pkt_time":946739312105460,"flow_dst_last_pkt_time":946739312105460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312105460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_src_last_pkt_time":946739311802507,"flow_dst_last_pkt_time":946739312105464,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739312105464,"pkt":"ZmZmZmZmRERERERECABFAADUhiZAACkR6nM0QeuBCgAAAQG72HEAwNzyCnKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":222,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739312105484}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":222,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739312105464,"pkt":"REREREREZmZmZmZmCABFAABQRfwAub0RhNsKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312105560,"flow_src_last_pkt_time":946739312105560,"flow_dst_last_pkt_time":946739312105560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312105560,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":946739312105560,"flow_dst_last_pkt_time":946739312105560,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739312105560,"pkt":"REREREREZmZmZmZmCABFAAIcRf1AAL0RQ8cKAAABMw8+QbOpAbsCCDQmxUkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAHBAAwBvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00878{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312105560,"flow_src_last_pkt_time":946739312105560,"flow_dst_last_pkt_time":946739312105560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312105560,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312105609,"flow_src_last_pkt_time":946739312105609,"flow_dst_last_pkt_time":946739312105609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312105609,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_src_last_pkt_time":946739312105609,"flow_dst_last_pkt_time":946739312105609,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739312105609,"pkt":"REREREREZmZmZmZmCABFAAXcRf4gAL0RYAYKAAABMw8+Qd1wAbsGBCAixUYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00881{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312105609,"flow_src_last_pkt_time":946739312105609,"flow_dst_last_pkt_time":946739312105609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312105609,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":225,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739312105630}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":225,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739312105609,"pkt":"REREREREZmZmZmZmCABFAABQRf4Aub0RhNkKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":946739311802455,"flow_dst_last_pkt_time":946739312105709,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739312105709,"pkt":"ZmZmZmZmRERERERECABFAADUhidAACgR63I0QeuBCgAAAQG72qsAwNq7Cm+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312105859,"flow_src_last_pkt_time":946739312105859,"flow_dst_last_pkt_time":946739312105859,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312105859,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":946739312105859,"flow_dst_last_pkt_time":946739312105859,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739312105859,"pkt":"REREREREZmZmZmZmCABFAAXcRf8gAL0RYAUKAAABMw8+QYLxAbsGBHqjxUQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00881{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312105859,"flow_src_last_pkt_time":946739312105859,"flow_dst_last_pkt_time":946739312105859,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312105859,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":228,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739312105877}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":228,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739312105859,"pkt":"REREREREZmZmZmZmCABFAABQRf8Aub0RhNgKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312105922,"flow_src_last_pkt_time":946739312105922,"flow_dst_last_pkt_time":946739312105922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312105922,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":946739312105922,"flow_dst_last_pkt_time":946739312105922,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739312105922,"pkt":"REREREREZmZmZmZmCABFAAIcRgBAAL0RQ8QKAAABMw8+QarCAbsCCDQmxUUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAHBAAwBvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00878{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312105922,"flow_src_last_pkt_time":946739312105922,"flow_dst_last_pkt_time":946739312105922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312105922,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -467,13 +409,9 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312132111,"flow_src_last_pkt_time":946739312132111,"flow_dst_last_pkt_time":946739312132111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312132111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_src_last_pkt_time":946739312132111,"flow_dst_last_pkt_time":946739312132111,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739312132111,"pkt":"REREREREZmZmZmZmCABFAAXcwbUgAL0RbKUKAAABLZm7YJQCEPcGBM6aMPUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312132111,"flow_src_last_pkt_time":946739312132111,"flow_dst_last_pkt_time":946739312132111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312132111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":235,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739312132131}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":235,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739312132111,"pkt":"REREREREZmZmZmZmCABFAABQwbUAub0RkXgKAAABLZm7YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312132157,"flow_src_last_pkt_time":946739312132157,"flow_dst_last_pkt_time":946739312132157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312132157,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_src_last_pkt_time":946739312132157,"flow_dst_last_pkt_time":946739312132157,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739312132157,"pkt":"REREREREZmZmZmZmCABFAAXcwbYgAL0RbKQKAAABLZm7YLOjEPcGBK77MPMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312132157,"flow_src_last_pkt_time":946739312132157,"flow_dst_last_pkt_time":946739312132157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312132157,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":237,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739312132174}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":237,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739312132157,"pkt":"REREREREZmZmZmZmCABFAABQwbYAub0RkXcKAAABLZm7YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312132193,"flow_src_last_pkt_time":946739312132193,"flow_dst_last_pkt_time":946739312132193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312132193,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_src_last_pkt_time":946739312132193,"flow_dst_last_pkt_time":946739312132193,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739312132193,"pkt":"REREREREZmZmZmZmCABFAAIcwbdAAL0RUGMKAAABLZm7YLPvEPcCCKvPMPYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00881{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312132193,"flow_src_last_pkt_time":946739312132193,"flow_dst_last_pkt_time":946739312132193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312132193,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -483,8 +421,6 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312132266,"flow_src_last_pkt_time":946739312132266,"flow_dst_last_pkt_time":946739312132266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312132266,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_src_last_pkt_time":946739312132266,"flow_dst_last_pkt_time":946739312132266,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739312132266,"pkt":"REREREREZmZmZmZmCABFAAXcwbkgAL0RbKEKAAABLZm7YJ4DEPcGBMSXMPcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312132266,"flow_src_last_pkt_time":946739312132266,"flow_dst_last_pkt_time":946739312132266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312132266,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":241,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739312132283}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":241,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739312132266,"pkt":"REREREREZmZmZmZmCABFAABQwbkAub0RkXQKAAABLZm7YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_src_last_pkt_time":946739312105859,"flow_dst_last_pkt_time":946739312132855,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_usec":946739312132855,"pkt":"ZmZmZmZmRERERERECABFAADZ1M0AADURfjozDz5BCgAAAQG7gvEAxUKLxUSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAG60zsERLlFII2wj6zTIwofCbgq4wxjKMp9YEu9fS884Cf11c1Q4cTQ+J+ZjK7ZH4aaqK8VPbAGFYW80ueYrfwU8FAQJxEup2Hwk1EI2Qz7npiyDDRkpQyGDCxkaPRZtbjwUBAnES6nYAAAAAV9TrQRfVP6E"}
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_src_last_pkt_time":946739312105560,"flow_dst_last_pkt_time":946739312133331,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_usec":946739312133331,"pkt":"ZmZmZmZmRERERERECABFAADZ1MoAADURfj0zDz5BCgAAAQG7s6kAxRHOxUmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAG60zsERLlFII2wj6zTIwofCbgq4wxjKMp9YEu9fS884Cf11c1Q4cTQ+J+ZjK7ZH4aaqK8VPbAGFYW80ueYrfwU8FAQJxEup2Hwk1EI2Qz7npiyDDRkpQyGDCxkaPRZtbjwUBAnES6nYAAAAAV9TrQRfVP6E"}
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_src_last_pkt_time":946739312106245,"flow_dst_last_pkt_time":946739312136620,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_usec":946739312136620,"pkt":"ZmZmZmZmRERERERECABFAADZ1M4AADURfjkzDz5BCgAAAQG77T8Axdg5xUeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAG60zsERLlFII2wj6zTIwofCbgq4wxjKMp9YEu9fS884Cf11c1Q4cTQ+J+ZjK7ZH4aaqK8VPbAGFYW80ueYrfwU8FAQJxEup2Hwk1EI2Qz7npiyDDRkpQyGDCxkaPRZtbjwUBAnES6nYAAAAAV9TrQRfVP6E"}
@@ -501,24 +437,18 @@
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312286028,"flow_src_last_pkt_time":946739312286028,"flow_dst_last_pkt_time":946739312286028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312286028,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_src_last_pkt_time":946739312286028,"flow_dst_last_pkt_time":946739312286028,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739312286028,"pkt":"REREREREZmZmZmZmCABFAAXcaDMgAL0RTlkKAAABQlUec71AAbsGBPfPLCkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00882{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312286028,"flow_src_last_pkt_time":946739312286028,"flow_dst_last_pkt_time":946739312286028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312286028,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":254,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739312286045}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":254,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739312286028,"pkt":"REREREREZmZmZmZmCABFAABQaDMAub0RcywKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312286047,"flow_src_last_pkt_time":946739312286047,"flow_dst_last_pkt_time":946739312286047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312286047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_src_last_pkt_time":946739312286047,"flow_dst_last_pkt_time":946739312286047,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739312286047,"pkt":"REREREREZmZmZmZmCABFAAIcaDRAAL0RMhgKAAABQlUec5yjAbsCCCOeLCoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00879{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312286047,"flow_src_last_pkt_time":946739312286047,"flow_dst_last_pkt_time":946739312286047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312286047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312286137,"flow_src_last_pkt_time":946739312286137,"flow_dst_last_pkt_time":946739312286137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312286137,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_src_last_pkt_time":946739312286137,"flow_dst_last_pkt_time":946739312286137,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739312286137,"pkt":"REREREREZmZmZmZmCABFAAXcaDUgAL0RTlcKAAABQlUec7lIAbsGBPvFLCsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312286137,"flow_src_last_pkt_time":946739312286137,"flow_dst_last_pkt_time":946739312286137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312286137,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":257,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739312286155}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":257,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739312286137,"pkt":"REREREREZmZmZmZmCABFAABQaDUAub0RcyoKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312286168,"flow_src_last_pkt_time":946739312286168,"flow_dst_last_pkt_time":946739312286168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312286168,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_src_last_pkt_time":946739312286168,"flow_dst_last_pkt_time":946739312286168,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739312286168,"pkt":"REREREREZmZmZmZmCABFAAIcaDZAAL0RMhYKAAABQlUec9NgAbsCCCOeLCgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312286168,"flow_src_last_pkt_time":946739312286168,"flow_dst_last_pkt_time":946739312286168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312286168,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312286182,"flow_src_last_pkt_time":946739312286182,"flow_dst_last_pkt_time":946739312286182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312286182,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_src_last_pkt_time":946739312286182,"flow_dst_last_pkt_time":946739312286182,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739312286182,"pkt":"REREREREZmZmZmZmCABFAAXcaDcgAL0RTlUKAAABQlUec4syAbsGBCngLCcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312286182,"flow_src_last_pkt_time":946739312286182,"flow_dst_last_pkt_time":946739312286182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312286182,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":260,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739312286200}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":260,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739312286182,"pkt":"REREREREZmZmZmZmCABFAABQaDcAub0RcygKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_src_last_pkt_time":946739312286168,"flow_dst_last_pkt_time":946739312399677,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739312399677,"pkt":"ZmZmZmZmRERERERECABFAADUFOhAADYRDa1CVR5zCgAAAQG702AAwE8ILCiBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_src_last_pkt_time":946739312286003,"flow_dst_last_pkt_time":946739312400829,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739312400829,"pkt":"ZmZmZmZmRERERERECABFAADUFOlAADYRDaxCVR5zCgAAAQG72lgAwEgMLCyBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_src_last_pkt_time":946739312286028,"flow_dst_last_pkt_time":946739312401005,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739312401005,"pkt":"ZmZmZmZmRERERERECABFAADUFOpAADYRDatCVR5zCgAAAQG7vUAAwGUnLCmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
@@ -528,24 +458,18 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312402248,"flow_src_last_pkt_time":946739312402248,"flow_dst_last_pkt_time":946739312402248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312402248,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_src_last_pkt_time":946739312402248,"flow_dst_last_pkt_time":946739312402248,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739312402248,"pkt":"REREREREZmZmZmZmCABFAAXc7t4gAL0R6HAKAAABXV\/ipcAiAbsGBEBnx+kBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312402248,"flow_src_last_pkt_time":946739312402248,"flow_dst_last_pkt_time":946739312402248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312402248,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":266,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739312402267}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":266,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739312402248,"pkt":"REREREREZmZmZmZmCABFAABQ7t4Aub0RDUQKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312402318,"flow_src_last_pkt_time":946739312402318,"flow_dst_last_pkt_time":946739312402318,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312402318,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_src_last_pkt_time":946739312402318,"flow_dst_last_pkt_time":946739312402318,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739312402318,"pkt":"REREREREZmZmZmZmCABFAAXc7t8gAL0R6G8KAAABXV\/ipeMBAbsGBB2Gx+sBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312402318,"flow_src_last_pkt_time":946739312402318,"flow_dst_last_pkt_time":946739312402318,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312402318,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312402323,"flow_src_last_pkt_time":946739312402323,"flow_dst_last_pkt_time":946739312402323,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312402323,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_src_last_pkt_time":946739312402323,"flow_dst_last_pkt_time":946739312402323,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739312402323,"pkt":"REREREREZmZmZmZmCABFAAIc7uBAAL0RzC4KAAABXV\/ipaSsAbsCCALbx+oBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00881{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312402323,"flow_src_last_pkt_time":946739312402323,"flow_dst_last_pkt_time":946739312402323,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312402323,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":269,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739312402335}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":269,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739312402323,"pkt":"REREREREZmZmZmZmCABFAABQ7t8Aub0RDUMKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312402350,"flow_src_last_pkt_time":946739312402350,"flow_dst_last_pkt_time":946739312402350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312402350,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_src_last_pkt_time":946739312402350,"flow_dst_last_pkt_time":946739312402350,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739312402350,"pkt":"REREREREZmZmZmZmCABFAAIc7uFAAL0RzC0KAAABXV\/ipeY4AbsCCALbx+gBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00881{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312402350,"flow_src_last_pkt_time":946739312402350,"flow_dst_last_pkt_time":946739312402350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312402350,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312402392,"flow_src_last_pkt_time":946739312402392,"flow_dst_last_pkt_time":946739312402392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312402392,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_src_last_pkt_time":946739312402392,"flow_dst_last_pkt_time":946739312402392,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739312402392,"pkt":"REREREREZmZmZmZmCABFAAXc7uIgAL0R6GwKAAABXV\/ipZ6TAbsGBGH4x+cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312402392,"flow_src_last_pkt_time":946739312402392,"flow_dst_last_pkt_time":946739312402392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739312402392,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":272,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739312402408}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":272,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739312402392,"pkt":"REREREREZmZmZmZmCABFAABQ7uIAub0RDUAKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_src_last_pkt_time":946739312286047,"flow_dst_last_pkt_time":946739312405003,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739312405003,"pkt":"ZmZmZmZmRERERERECABFAADUFOtAADYRDapCVR5zCgAAAQG7nKMAwIXDLCqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_src_last_pkt_time":946739312286137,"flow_dst_last_pkt_time":946739312406315,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739312406315,"pkt":"ZmZmZmZmRERERERECABFAADUFOxAADYRDalCVR5zCgAAAQG7uUgAwGkdLCuBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_src_last_pkt_time":946739312286182,"flow_dst_last_pkt_time":946739312407141,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739312407141,"pkt":"ZmZmZmZmRERERERECABFAADUFO1AADYRDahCVR5zCgAAAQG7izIAwJc3LCeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
@@ -558,13 +482,9 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317403317,"flow_src_last_pkt_time":946739317403317,"flow_dst_last_pkt_time":946739317403317,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317403317,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_src_last_pkt_time":946739317403317,"flow_dst_last_pkt_time":946739317403317,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739317403317,"pkt":"REREREREZmZmZmZmCABFAAXcmsIgAL0RopIKAAABM56mYbiZAbsGBBC9B18BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317403317,"flow_src_last_pkt_time":946739317403317,"flow_dst_last_pkt_time":946739317403317,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317403317,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":281,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739317403330}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":281,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739317403317,"pkt":"REREREREZmZmZmZmCABFAABQmsIAub0Rx2UKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317403338,"flow_src_last_pkt_time":946739317403338,"flow_dst_last_pkt_time":946739317403338,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317403338,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_src_last_pkt_time":946739317403338,"flow_dst_last_pkt_time":946739317403338,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739317403338,"pkt":"REREREREZmZmZmZmCABFAAXcmsMgAL0RopEKAAABM56mYbPyAbsGBBVmB10BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317403338,"flow_src_last_pkt_time":946739317403338,"flow_dst_last_pkt_time":946739317403338,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317403338,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":283,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739317403350}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":283,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739317403338,"pkt":"REREREREZmZmZmZmCABFAABQmsMAub0Rx2QKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317403392,"flow_src_last_pkt_time":946739317403392,"flow_dst_last_pkt_time":946739317403392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317403392,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_src_last_pkt_time":946739317403392,"flow_dst_last_pkt_time":946739317403392,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739317403392,"pkt":"REREREREZmZmZmZmCABFAAIcmsRAAL0RhlAKAAABM56mYdyuAbsCCJzVB2ABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00881{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317403392,"flow_src_last_pkt_time":946739317403392,"flow_dst_last_pkt_time":946739317403392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317403392,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -574,8 +494,6 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317403417,"flow_src_last_pkt_time":946739317403417,"flow_dst_last_pkt_time":946739317403417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317403417,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_src_last_pkt_time":946739317403417,"flow_dst_last_pkt_time":946739317403417,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739317403417,"pkt":"REREREREZmZmZmZmCABFAAXcmsUgAL0Roo8KAAABM56mYbvBAbsGBA2TB2EBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317403417,"flow_src_last_pkt_time":946739317403417,"flow_dst_last_pkt_time":946739317403417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317403417,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":287,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739317403429}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":287,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739317403417,"pkt":"REREREREZmZmZmZmCABFAABQmsUAub0Rx2IKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_src_last_pkt_time":946739317403292,"flow_dst_last_pkt_time":946739317428375,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":946739317428375,"pkt":"ZmZmZmZmRERERERECABFAADXKhpAADMRgkAznqZhCgAAAQG7kKsAw\/s4B2KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_src_last_pkt_time":946739317403392,"flow_dst_last_pkt_time":946739317429999,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":946739317429999,"pkt":"ZmZmZmZmRERERERECABFAADXKh1AADMRgj0znqZhCgAAAQG73K4Aw683B2CBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_src_last_pkt_time":946739317403317,"flow_dst_last_pkt_time":946739317431691,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":946739317431691,"pkt":"ZmZmZmZmRERERERECABFAADXKhtAADQRgT8znqZhCgAAAQG7uJkAw9NNB1+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
@@ -587,24 +505,18 @@
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317432603,"flow_src_last_pkt_time":946739317432603,"flow_dst_last_pkt_time":946739317432603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317432603,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_src_last_pkt_time":946739317432603,"flow_dst_last_pkt_time":946739317432603,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739317432603,"pkt":"REREREREZmZmZmZmCABFAAXc144gAL0RoeEKAAABsDjtq9cGAbsGBFSSsmQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317432603,"flow_src_last_pkt_time":946739317432603,"flow_dst_last_pkt_time":946739317432603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317432603,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":295,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739317432615}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":295,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739317432603,"pkt":"REREREREZmZmZmZmCABFAABQ144Aub0RxrQKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317432619,"flow_src_last_pkt_time":946739317432619,"flow_dst_last_pkt_time":946739317432619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317432619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_src_last_pkt_time":946739317432619,"flow_dst_last_pkt_time":946739317432619,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739317432619,"pkt":"REREREREZmZmZmZmCABFAAIc149AAL0RhaAKAAABsDjtq8ijAbsCCGC6smUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00882{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317432619,"flow_src_last_pkt_time":946739317432619,"flow_dst_last_pkt_time":946739317432619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317432619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317432660,"flow_src_last_pkt_time":946739317432660,"flow_dst_last_pkt_time":946739317432660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317432660,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_src_last_pkt_time":946739317432660,"flow_dst_last_pkt_time":946739317432660,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739317432660,"pkt":"REREREREZmZmZmZmCABFAAXc15AgAL0Rod8KAAABsDjtq49EAbsGBJxWsmIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317432660,"flow_src_last_pkt_time":946739317432660,"flow_dst_last_pkt_time":946739317432660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317432660,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":298,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739317432673}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":298,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739317432660,"pkt":"REREREREZmZmZmZmCABFAABQ15AAub0RxrIKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317432695,"flow_src_last_pkt_time":946739317432695,"flow_dst_last_pkt_time":946739317432695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317432695,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_src_last_pkt_time":946739317432695,"flow_dst_last_pkt_time":946739317432695,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739317432695,"pkt":"REREREREZmZmZmZmCABFAAIc15JAAL0RhZ0KAAABsDjtq79wAbsCCGC6smMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00882{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317432695,"flow_src_last_pkt_time":946739317432695,"flow_dst_last_pkt_time":946739317432695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317432695,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317432697,"flow_src_last_pkt_time":946739317432697,"flow_dst_last_pkt_time":946739317432697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317432697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_src_last_pkt_time":946739317432697,"flow_dst_last_pkt_time":946739317432697,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739317432697,"pkt":"REREREREZmZmZmZmCABFAAXc15EgAL0Rod4KAAABsDjtq7zFAbsGBG7RsmYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317432697,"flow_src_last_pkt_time":946739317432697,"flow_dst_last_pkt_time":946739317432697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317432697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":301,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739317432711}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":301,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739317432697,"pkt":"REREREREZmZmZmZmCABFAABQ15EAub0RxrEKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_src_last_pkt_time":946739317403417,"flow_dst_last_pkt_time":946739317434574,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":946739317434574,"pkt":"ZmZmZmZmRERERERECABFAADXKh9AADQRgTsznqZhCgAAAQG7u8EAw9AjB2GBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_src_last_pkt_time":946739317432544,"flow_dst_last_pkt_time":946739317460347,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_usec":946739317460347,"pkt":"ZmZmZmZmRERERERECABFAADcYmUAADoRvwuwOO2rCgAAAQG7ovUAyPSjsmeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAABl3+ykQSZujAz2k88UgiWZ8EW8WsV\/cZTbX4vJmZY7W5pQMpzujkuwlfjXc+3bckBxwziAxuzLgEVuJhZegpADIiVqOfVhh6bINcwjX2cKXslxwpVLP3wwY1fcQglCKacmJWo59WGHpX1OncV9Tp3FfVPjx"}
00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_src_last_pkt_time":946739317432603,"flow_dst_last_pkt_time":946739317461291,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_usec":946739317461291,"pkt":"ZmZmZmZmRERERERECABFAADcYmYAADkRwAqwOO2rCgAAAQG71wYAyMCVsmSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAABl3+ykQSZujAz2k88UgiWZ8EW8WsV\/cZTbX4vJmZY7W5pQMpzujkuwlfjXc+3bckBxwziAxuzLgEVuJhZegpADIiVqOfVhh6bINcwjX2cKXslxwpVLP3wwY1fcQglCKacmJWo59WGHpX1OncV9Tp3FfVPjx"}
@@ -619,18 +531,12 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317462335,"flow_src_last_pkt_time":946739317462335,"flow_dst_last_pkt_time":946739317462335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317462335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_src_last_pkt_time":946739317462335,"flow_dst_last_pkt_time":946739317462335,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739317462335,"pkt":"REREREREZmZmZmZmCABFAAIcwF1AAL0Rvf8KAAABstjJ3s99CAUCCD+NfSUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317462335,"flow_src_last_pkt_time":946739317462335,"flow_dst_last_pkt_time":946739317462335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317462335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":310,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739317462337}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":310,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739317462335,"pkt":"REREREREZmZmZmZmCABFAABQwFwAub0R\/xMKAAABstjJ3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317462369,"flow_src_last_pkt_time":946739317462369,"flow_dst_last_pkt_time":946739317462369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317462369,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_src_last_pkt_time":946739317462369,"flow_dst_last_pkt_time":946739317462369,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739317462369,"pkt":"REREREREZmZmZmZmCABFAAXcwF4gAL0R2j4KAAABstjJ3sv9CAUGBG7NfSIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00887{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317462369,"flow_src_last_pkt_time":946739317462369,"flow_dst_last_pkt_time":946739317462369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317462369,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317462376,"flow_src_last_pkt_time":946739317462376,"flow_dst_last_pkt_time":946739317462376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317462376,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_src_last_pkt_time":946739317462376,"flow_dst_last_pkt_time":946739317462376,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739317462376,"pkt":"REREREREZmZmZmZmCABFAAXcwF8gAL0R2j0KAAABstjJ3pbCCAUGBKQEfSYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00887{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317462376,"flow_src_last_pkt_time":946739317462376,"flow_dst_last_pkt_time":946739317462376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317462376,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":313,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739317462379}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":313,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739317462376,"pkt":"REREREREZmZmZmZmCABFAABQwF4Aub0R\/xEKAAABstjJ3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":314,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739317462388}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":314,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739317462376,"pkt":"REREREREZmZmZmZmCABFAABQwF8Aub0R\/xAKAAABstjJ3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317462404,"flow_src_last_pkt_time":946739317462404,"flow_dst_last_pkt_time":946739317462404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317462404,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_src_last_pkt_time":946739317462404,"flow_dst_last_pkt_time":946739317462404,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739317462404,"pkt":"REREREREZmZmZmZmCABFAAIcwGBAAL0RvfwKAAABstjJ3uV0CAUCCD+NfSMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317462404,"flow_src_last_pkt_time":946739317462404,"flow_dst_last_pkt_time":946739317462404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317462404,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -647,8 +553,6 @@
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317496730,"flow_src_last_pkt_time":946739317496730,"flow_dst_last_pkt_time":946739317496730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317496730,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_src_last_pkt_time":946739317496730,"flow_dst_last_pkt_time":946739317496730,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739317496730,"pkt":"REREREREZmZmZmZmCABFAAXcbs0gAL0RChwKAAABLUxxH9fjAbsGBNdkZBYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317496730,"flow_src_last_pkt_time":946739317496730,"flow_dst_last_pkt_time":946739317496730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317496730,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":325,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739317496749}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":325,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739317496730,"pkt":"REREREREZmZmZmZmCABFAABQbs0Aub0RLu8KAAABLUxxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317496759,"flow_src_last_pkt_time":946739317496759,"flow_dst_last_pkt_time":946739317496759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317496759,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_src_last_pkt_time":946739317496759,"flow_dst_last_pkt_time":946739317496759,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739317496759,"pkt":"REREREREZmZmZmZmCABFAAIcbs5AAL0R7doKAAABLUxxH8mFAbsCCGFBZBcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317496759,"flow_src_last_pkt_time":946739317496759,"flow_dst_last_pkt_time":946739317496759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317496759,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -661,10 +565,6 @@
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317496872,"flow_src_last_pkt_time":946739317496872,"flow_dst_last_pkt_time":946739317496872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317496872,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_src_last_pkt_time":946739317496872,"flow_dst_last_pkt_time":946739317496872,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739317496872,"pkt":"REREREREZmZmZmZmCABFAAXcbtEgAL0RChgKAAABLUxxH8tlAbsGBOPgZBgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317496872,"flow_src_last_pkt_time":946739317496872,"flow_dst_last_pkt_time":946739317496872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739317496872,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":330,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739317496883}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":330,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739317496872,"pkt":"REREREREZmZmZmZmCABFAABQbtEAub0RLusKAAABLUxxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":331,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739317496886}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":331,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739317496872,"pkt":"REREREREZmZmZmZmCABFAABQbtAAub0RLuwKAAABLUxxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_src_last_pkt_time":946739317496865,"flow_dst_last_pkt_time":946739317810353,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":946739317810353,"pkt":"ZmZmZmZmRERERERECABFAADSA+ZAAC8R6A0tTHEfCgAAAQG7qwAAvmKSZBWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAr5zEv1WGx7jem2pK2nflqiaMVF6rzF7WHGlvrWl\/ySW6UfM8aTB84zwXL6LFGFBJtiDl\/1MLBjf7\/4+Tj2baBU4DeMBZ\/3\/bX+\/ckKf+At437jBg5+agLK3mfgxAT218TgN4wFn\/f9sAAAABX1NRj19Uow8="}
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_src_last_pkt_time":946739317496759,"flow_dst_last_pkt_time":946739317819516,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":946739317819516,"pkt":"ZmZmZmZmRERERERECABFAADSA+dAAC8R6AwtTHEfCgAAAQG7yYUAvkQLZBeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAr5zEv1WGx7jem2pK2nflqiaMVF6rzF7WHGlvrWl\/ySW6UfM8aTB84zwXL6LFGFBJtiDl\/1MLBjf7\/4+Tj2baBU4DeMBZ\/3\/bX+\/ckKf+At437jBg5+agLK3mfgxAT218TgN4wFn\/f9sAAAABX1NRj19Uow8="}
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_src_last_pkt_time":946739317496868,"flow_dst_last_pkt_time":946739317819696,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":946739317819696,"pkt":"ZmZmZmZmRERERERECABFAADSA+tAAC8R6AgtTHEfCgAAAQG76TsAviRYZBSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAr5zEv1WGx7jem2pK2nflqiaMVF6rzF7WHGlvrWl\/ySW6UfM8aTB84zwXL6LFGFBJtiDl\/1MLBjf7\/4+Tj2baBU4DeMBZ\/3\/bX+\/ckKf+At437jBg5+agLK3mfgxAT218TgN4wFn\/f9sAAAABX1NRj19Uow8="}
@@ -680,18 +580,12 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318038059,"flow_src_last_pkt_time":946739318038059,"flow_dst_last_pkt_time":946739318038059,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318038059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_src_last_pkt_time":946739318038059,"flow_dst_last_pkt_time":946739318038059,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739318038059,"pkt":"REREREREZmZmZmZmCABFAAXc+3QgAL0Rpj8KAAABl1DeT7pxAbsGBJ0gXC0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318038059,"flow_src_last_pkt_time":946739318038059,"flow_dst_last_pkt_time":946739318038059,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318038059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":341,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739318038062}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":341,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739318038059,"pkt":"REREREREZmZmZmZmCABFAABQ+3MAub0RyxMKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":342,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739318038076}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":342,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739318038059,"pkt":"REREREREZmZmZmZmCABFAABQ+3QAub0RyxIKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318038155,"flow_src_last_pkt_time":946739318038155,"flow_dst_last_pkt_time":946739318038155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318038155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_src_last_pkt_time":946739318038155,"flow_dst_last_pkt_time":946739318038155,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739318038155,"pkt":"REREREREZmZmZmZmCABFAAIc+3VAAL0Rif4KAAABl1DeT8tIAbsCCDh2XDABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00881{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318038155,"flow_src_last_pkt_time":946739318038155,"flow_dst_last_pkt_time":946739318038155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318038155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318038168,"flow_src_last_pkt_time":946739318038168,"flow_dst_last_pkt_time":946739318038168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318038168,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_src_last_pkt_time":946739318038168,"flow_dst_last_pkt_time":946739318038168,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739318038168,"pkt":"REREREREZmZmZmZmCABFAAXc+3YgAL0Rpj0KAAABl1DeT+EkAbsGBHZpXDEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318038168,"flow_src_last_pkt_time":946739318038168,"flow_dst_last_pkt_time":946739318038168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318038168,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":345,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739318038185}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":345,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739318038168,"pkt":"REREREREZmZmZmZmCABFAABQ+3YAub0RyxAKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318038215,"flow_src_last_pkt_time":946739318038215,"flow_dst_last_pkt_time":946739318038215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318038215,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_src_last_pkt_time":946739318038215,"flow_dst_last_pkt_time":946739318038215,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739318038215,"pkt":"REREREREZmZmZmZmCABFAAIc+3dAAL0RifwKAAABl1DeT5ZvAbsCCDh2XC4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00881{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318038215,"flow_src_last_pkt_time":946739318038215,"flow_dst_last_pkt_time":946739318038215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318038215,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -706,19 +600,13 @@
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318061081,"flow_src_last_pkt_time":946739318061081,"flow_dst_last_pkt_time":946739318061081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318061081,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_src_last_pkt_time":946739318061081,"flow_dst_last_pkt_time":946739318061081,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739318061081,"pkt":"REREREREZmZmZmZmCABFAAIcXcpAAL0RQhYKAAABjgTNL5zKAbsCCB4KqloBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318061081,"flow_src_last_pkt_time":946739318061081,"flow_dst_last_pkt_time":946739318061081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318061081,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":352,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739318061087}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":352,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739318061081,"pkt":"REREREREZmZmZmZmCABFAABQXckAub0RgyoKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318061101,"flow_src_last_pkt_time":946739318061101,"flow_dst_last_pkt_time":946739318061101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318061101,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_src_last_pkt_time":946739318061101,"flow_dst_last_pkt_time":946739318061101,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739318061101,"pkt":"REREREREZmZmZmZmCABFAAXcXcsgAL0RXlUKAAABjgTNL8rfAbsGBBssqlcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318061101,"flow_src_last_pkt_time":946739318061101,"flow_dst_last_pkt_time":946739318061101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318061101,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":354,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739318061118}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":354,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739318061101,"pkt":"REREREREZmZmZmZmCABFAABQXcsAub0RgygKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318061197,"flow_src_last_pkt_time":946739318061197,"flow_dst_last_pkt_time":946739318061197,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318061197,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_src_last_pkt_time":946739318061197,"flow_dst_last_pkt_time":946739318061197,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739318061197,"pkt":"REREREREZmZmZmZmCABFAAXcXcwgAL0RXlQKAAABjgTNL9NQAbsGBBK3qlsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318061197,"flow_src_last_pkt_time":946739318061197,"flow_dst_last_pkt_time":946739318061197,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318061197,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_src_last_pkt_time":946739318038155,"flow_dst_last_pkt_time":946739318061202,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":946739318061202,"pkt":"ZmZmZmZmRERERERECABFAADX+4lAADQRFDCXUN5PCgAAAQG7y0gAw+xKXDCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":357,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739318061216}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":357,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739318061202,"pkt":"REREREREZmZmZmZmCABFAABQXcwAub0RgycKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318061289,"flow_src_last_pkt_time":946739318061289,"flow_dst_last_pkt_time":946739318061289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318061289,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_src_last_pkt_time":946739318061289,"flow_dst_last_pkt_time":946739318061289,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739318061289,"pkt":"REREREREZmZmZmZmCABFAAIcXc1AAL0RQhMKAAABjgTNL4w\/AbsCCB4KqlgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318061289,"flow_src_last_pkt_time":946739318061289,"flow_dst_last_pkt_time":946739318061289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318061289,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -737,18 +625,12 @@
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318169070,"flow_src_last_pkt_time":946739318169070,"flow_dst_last_pkt_time":946739318169070,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318169070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_src_last_pkt_time":946739318169070,"flow_dst_last_pkt_time":946739318169070,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739318169070,"pkt":"REREREREZmZmZmZmCABFAAXcuocgAL0R36EKAAABwb+7a4H\/AbsGBBdyLyoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00886{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318169070,"flow_src_last_pkt_time":946739318169070,"flow_dst_last_pkt_time":946739318169070,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318169070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":368,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739318169102}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":368,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739318169070,"pkt":"REREREREZmZmZmZmCABFAABQuocAub0RBHUKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318169132,"flow_src_last_pkt_time":946739318169132,"flow_dst_last_pkt_time":946739318169132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318169132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_src_last_pkt_time":946739318169132,"flow_dst_last_pkt_time":946739318169132,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739318169132,"pkt":"REREREREZmZmZmZmCABFAAXcuokgAL0R358KAAABwb+7a9PHAbsGBMWnLywBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00886{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318169132,"flow_src_last_pkt_time":946739318169132,"flow_dst_last_pkt_time":946739318169132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318169132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318169132,"flow_src_last_pkt_time":946739318169132,"flow_dst_last_pkt_time":946739318169132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318169132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_src_last_pkt_time":946739318169132,"flow_dst_last_pkt_time":946739318169132,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739318169132,"pkt":"REREREREZmZmZmZmCABFAAXcuoggAL0R36AKAAABwb+7a7+QAbsGBNniLygBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00886{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318169132,"flow_src_last_pkt_time":946739318169132,"flow_dst_last_pkt_time":946739318169132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318169132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":371,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739318169148}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":371,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739318169132,"pkt":"REREREREZmZmZmZmCABFAABQuokAub0RBHMKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":372,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739318169153}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":372,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739318169132,"pkt":"REREREREZmZmZmZmCABFAABQuogAub0RBHQKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318169188,"flow_src_last_pkt_time":946739318169188,"flow_dst_last_pkt_time":946739318169188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318169188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_src_last_pkt_time":946739318169188,"flow_dst_last_pkt_time":946739318169188,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739318169188,"pkt":"REREREREZmZmZmZmCABFAAIcuopAAL0Rw14KAAABwb+7a7\/bAbsCCEABLykBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739318169188,"flow_src_last_pkt_time":946739318169188,"flow_dst_last_pkt_time":946739318169188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739318169188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -767,7 +649,7 @@
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337048428,"flow_src_last_pkt_time":946739337048428,"flow_dst_last_pkt_time":946739337048428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337048428,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_src_last_pkt_time":946739337048428,"flow_dst_last_pkt_time":946739337048428,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739337048428,"pkt":"REREREREZmZmZmZmCABFAAXc+L0gAL0RbrcKAAABMw980MM3EPcGBKwyaUIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337048428,"flow_src_last_pkt_time":946739337048428,"flow_dst_last_pkt_time":946739337048428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337048428,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":385,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337048442}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739337048442,"packet_id":385,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337048442}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":385,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739337048428,"pkt":"REREREREZmZmZmZmCABFAABQ+L0Aub0Rk4oKAAABMw980AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337048478,"flow_src_last_pkt_time":946739337048478,"flow_dst_last_pkt_time":946739337048478,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337048478,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_src_last_pkt_time":946739337048478,"flow_dst_last_pkt_time":946739337048478,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739337048478,"pkt":"REREREREZmZmZmZmCABFAAXc+L4gAL0RbrYKAAABMw980JWmEPcGBNnFaUABAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -775,12 +657,12 @@
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337048481,"flow_src_last_pkt_time":946739337048481,"flow_dst_last_pkt_time":946739337048481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337048481,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_src_last_pkt_time":946739337048481,"flow_dst_last_pkt_time":946739337048481,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739337048481,"pkt":"REREREREZmZmZmZmCABFAAIc+L9AAL0RUnUKAAABMw980NnYEPcCCHK1aUMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00882{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337048481,"flow_src_last_pkt_time":946739337048481,"flow_dst_last_pkt_time":946739337048481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337048481,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":388,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337048490}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739337048490,"packet_id":388,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337048490}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":388,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739337048481,"pkt":"REREREREZmZmZmZmCABFAABQ+L4Aub0Rk4kKAAABMw980AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337048494,"flow_src_last_pkt_time":946739337048494,"flow_dst_last_pkt_time":946739337048494,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337048494,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_src_last_pkt_time":946739337048494,"flow_dst_last_pkt_time":946739337048494,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739337048494,"pkt":"REREREREZmZmZmZmCABFAAXc+MAgAL0RbrQKAAABMw980JvmEPcGBNOBaUQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337048494,"flow_src_last_pkt_time":946739337048494,"flow_dst_last_pkt_time":946739337048494,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337048494,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":390,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337048503}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739337048503,"packet_id":390,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337048503}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":390,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739337048494,"pkt":"REREREREZmZmZmZmCABFAABQ+MAAub0Rk4cKAAABMw980AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337048530,"flow_src_last_pkt_time":946739337048530,"flow_dst_last_pkt_time":946739337048530,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337048530,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_src_last_pkt_time":946739337048530,"flow_dst_last_pkt_time":946739337048530,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739337048530,"pkt":"REREREREZmZmZmZmCABFAAIc+MFAAL0RUnMKAAABMw980NJ\/EPcCCHK1aUEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -794,7 +676,7 @@
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337078124,"flow_src_last_pkt_time":946739337078124,"flow_dst_last_pkt_time":946739337078124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337078124,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_src_last_pkt_time":946739337078124,"flow_dst_last_pkt_time":946739337078124,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739337078124,"pkt":"REREREREZmZmZmZmCABFAAXc\/ckgAL0RlZoKAAABp3LcfZZsAbsGBGHYm2YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00886{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337078124,"flow_src_last_pkt_time":946739337078124,"flow_dst_last_pkt_time":946739337078124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337078124,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":397,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337078136}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739337078136,"packet_id":397,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337078136}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":397,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739337078124,"pkt":"REREREREZmZmZmZmCABFAABQ\/ckAub0Rum0KAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337078188,"flow_src_last_pkt_time":946739337078188,"flow_dst_last_pkt_time":946739337078188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337078188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_src_last_pkt_time":946739337078188,"flow_dst_last_pkt_time":946739337078188,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739337078188,"pkt":"REREREREZmZmZmZmCABFAAIc\/cpAAL0ReVkKAAABp3LcfZuIAbsCCEbGm2cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -802,12 +684,12 @@
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337078192,"flow_src_last_pkt_time":946739337078192,"flow_dst_last_pkt_time":946739337078192,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337078192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_src_last_pkt_time":946739337078192,"flow_dst_last_pkt_time":946739337078192,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739337078192,"pkt":"REREREREZmZmZmZmCABFAAXc\/csgAL0RlZgKAAABp3LcfbItAbsGBEYVm2gBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00886{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337078192,"flow_src_last_pkt_time":946739337078192,"flow_dst_last_pkt_time":946739337078192,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337078192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":400,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337078199}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739337078199,"packet_id":400,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337078199}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":400,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739337078192,"pkt":"REREREREZmZmZmZmCABFAABQ\/csAub0RumsKAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337078205,"flow_src_last_pkt_time":946739337078205,"flow_dst_last_pkt_time":946739337078205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337078205,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_src_last_pkt_time":946739337078205,"flow_dst_last_pkt_time":946739337078205,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739337078205,"pkt":"REREREREZmZmZmZmCABFAAXc\/cwgAL0RlZcKAAABp3LcfejFAbsGBA+Bm2QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00886{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337078205,"flow_src_last_pkt_time":946739337078205,"flow_dst_last_pkt_time":946739337078205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337078205,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":402,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337078218}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739337078218,"packet_id":402,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337078218}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":402,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739337078205,"pkt":"REREREREZmZmZmZmCABFAABQ\/cwAub0RumoKAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337078271,"flow_src_last_pkt_time":946739337078271,"flow_dst_last_pkt_time":946739337078271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337078271,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_src_last_pkt_time":946739337078271,"flow_dst_last_pkt_time":946739337078271,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739337078271,"pkt":"REREREREZmZmZmZmCABFAAIc\/c1AAL0ReVYKAAABp3LcfbKzAbsCCEbGm2UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -827,7 +709,7 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337184850,"flow_src_last_pkt_time":946739337184850,"flow_dst_last_pkt_time":946739337184850,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337184850,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_src_last_pkt_time":946739337184850,"flow_dst_last_pkt_time":946739337184850,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739337184850,"pkt":"REREREREZmZmZmZmCABFAAXcw6sgAL0RoycKAAABBb2qxOL4AdEGBCbssn4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAW3AAwFswAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337184850,"flow_src_last_pkt_time":946739337184850,"flow_dst_last_pkt_time":946739337184850,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337184850,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":413,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337184865}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739337184865,"packet_id":413,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337184865}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":413,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739337184850,"pkt":"REREREREZmZmZmZmCABFAABQw6sAub0Rx\/oKAAABBb2qxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337184926,"flow_src_last_pkt_time":946739337184926,"flow_dst_last_pkt_time":946739337184926,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337184926,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_src_last_pkt_time":946739337184926,"flow_dst_last_pkt_time":946739337184926,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739337184926,"pkt":"REREREREZmZmZmZmCABFAAIcw6xAAL0RhuYKAAABBb2qxJ8sAdECCHNXsoEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAG7AAwBtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -838,9 +720,9 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337184962,"flow_src_last_pkt_time":946739337184962,"flow_dst_last_pkt_time":946739337184962,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337184962,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_src_last_pkt_time":946739337184962,"flow_dst_last_pkt_time":946739337184962,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739337184962,"pkt":"REREREREZmZmZmZmCABFAAXcw64gAL0RoyQKAAABBb2qxOllAdEGBCB7soIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAW3AAwFswAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337184962,"flow_src_last_pkt_time":946739337184962,"flow_dst_last_pkt_time":946739337184962,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739337184962,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":417,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337184974}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739337184974,"packet_id":417,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337184974}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":417,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739337184962,"pkt":"REREREREZmZmZmZmCABFAABQw60Aub0Rx\/gKAAABBb2qxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":418,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337184975}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739337184975,"packet_id":418,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739337184975}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":418,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739337184962,"pkt":"REREREREZmZmZmZmCABFAABQw64Aub0Rx\/cKAAABBb2qxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_src_last_pkt_time":946739337078192,"flow_dst_last_pkt_time":946739337186682,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739337186682,"pkt":"ZmZmZmZmRERERERECABFAADU4rgAADMRX7Snctx9CgAAAQG7si0AwMTum2iBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAACtvTpPmuzdARCZdHINGnm84Rta+Q9yZkJOIOBZH1xDWjyTETMesMGOqAFTeyjt37OaMFtfnU1CukJNcbLtFisLiXsfUndKvm3+Vr\/KkwQySWxBEvG+JEE+3LVi8Tb5u3eKex9Sd0q+bV9TqoVfU6qFX1T8BQ=="}
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":2,"flow_src_last_pkt_time":946739337078205,"flow_dst_last_pkt_time":946739337188595,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739337188595,"pkt":"ZmZmZmZmRERERERECABFAADU4rkAADMRX7Onctx9CgAAAQG76MUAwI5am2SBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAACtvTpPmuzdARCZdHINGnm84Rta+Q9yZkJOIOBZH1xDWjyTETMesMGOqAFTeyjt37OaMFtfnU1CukJNcbLtFisLiXsfUndKvm3+Vr\/KkwQySWxBEvG+JEE+3LVi8Tb5u3eKex9Sd0q+bV9TqoVfU6qFX1T8BQ=="}
@@ -857,7 +739,7 @@
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348756596,"flow_src_last_pkt_time":946739348756596,"flow_dst_last_pkt_time":946739348756596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739348756596,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_src_last_pkt_time":946739348756596,"flow_dst_last_pkt_time":946739348756596,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739348756596,"pkt":"REREREREZmZmZmZmCABFAAIcwiZAAL0R5K0KAAABuf2aQrL3EPcCCBcWY0sBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348756596,"flow_src_last_pkt_time":946739348756596,"flow_dst_last_pkt_time":946739348756596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739348756596,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":428,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739348756609}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739348756609,"packet_id":428,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739348756609}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":428,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739348756596,"pkt":"REREREREZmZmZmZmCABFAABQwiUAub0RJcIKAAABuf2aQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348756620,"flow_src_last_pkt_time":946739348756620,"flow_dst_last_pkt_time":946739348756620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739348756620,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_src_last_pkt_time":946739348756620,"flow_dst_last_pkt_time":946739348756620,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739348756620,"pkt":"REREREREZmZmZmZmCABFAAIcwidAAL0R5KwKAAABuf2aQqoUEPcCCBcWY0kBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -865,12 +747,12 @@
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348756689,"flow_src_last_pkt_time":946739348756689,"flow_dst_last_pkt_time":946739348756689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739348756689,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_src_last_pkt_time":946739348756689,"flow_dst_last_pkt_time":946739348756689,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739348756689,"pkt":"REREREREZmZmZmZmCABFAAXcwiggAL0RAOwKAAABuf2aQrwfEPcGBB7tY0gBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00886{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348756689,"flow_src_last_pkt_time":946739348756689,"flow_dst_last_pkt_time":946739348756689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739348756689,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":431,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739348756709}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739348756709,"packet_id":431,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739348756709}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":431,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739348756689,"pkt":"REREREREZmZmZmZmCABFAABQwigAub0RJb8KAAABuf2aQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348756792,"flow_src_last_pkt_time":946739348756792,"flow_dst_last_pkt_time":946739348756792,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739348756792,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_src_last_pkt_time":946739348756792,"flow_dst_last_pkt_time":946739348756792,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739348756792,"pkt":"REREREREZmZmZmZmCABFAAXcwikgAL0RAOsKAAABuf2aQpZSEPcGBES4Y0oBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00886{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348756792,"flow_src_last_pkt_time":946739348756792,"flow_dst_last_pkt_time":946739348756792,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739348756792,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":433,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739348756812}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739348756812,"packet_id":433,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739348756812}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":433,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739348756792,"pkt":"REREREREZmZmZmZmCABFAABQwikAub0RJb4KAAABuf2aQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":2,"flow_src_last_pkt_time":946739348756596,"flow_dst_last_pkt_time":946739348800047,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":946739348800047,"pkt":"ZmZmZmZmRERERERECABFAADTW7dAADkR0Ga5\/ZpCCgAAARD3svcAv+AkY0uBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPzOPvxAqRNc7Q72GZx6clSW\/rILjCJS5AVCUtIfh\/knKqjuiGnU\/ySlMpkdSKAUBEzuxnQcAR\/n3q9w6kY3ZQBbAAtR8Cvhyf4swkJ5CXEM5Flzvf2K4fhPC+UgsGecNlsAC1HwK+HJAAAAAV9TdNFfVMZR"}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":2,"flow_src_last_pkt_time":946739348756593,"flow_dst_last_pkt_time":946739348800211,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":946739348800211,"pkt":"ZmZmZmZmRERERERECABFAADTW7hAADkR0GW5\/ZpCCgAAARD3lzUAv\/vqY0eBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPzOPvxAqRNc7Q72GZx6clSW\/rILjCJS5AVCUtIfh\/knKqjuiGnU\/ySlMpkdSKAUBEzuxnQcAR\/n3q9w6kY3ZQBbAAtR8Cvhyf4swkJ5CXEM5Flzvf2K4fhPC+UgsGecNlsAC1HwK+HJAAAAAV9TdNFfVMZR"}
@@ -887,7 +769,7 @@
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348805774,"flow_src_last_pkt_time":946739348805774,"flow_dst_last_pkt_time":946739348805774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739348805774,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_src_last_pkt_time":946739348805774,"flow_dst_last_pkt_time":946739348805774,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739348805774,"pkt":"REREREREZmZmZmZmCABFAAIclaZAAL0RCvoKAAABjgTMb6OnAbsCCB1KEX0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00881{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348805774,"flow_src_last_pkt_time":946739348805774,"flow_dst_last_pkt_time":946739348805774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739348805774,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":443,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739348805778}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739348805778,"packet_id":443,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739348805778}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":443,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739348805774,"pkt":"REREREREZmZmZmZmCABFAABQlaUAub0RTA4KAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348805808,"flow_src_last_pkt_time":946739348805808,"flow_dst_last_pkt_time":946739348805808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739348805808,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_src_last_pkt_time":946739348805808,"flow_dst_last_pkt_time":946739348805808,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739348805808,"pkt":"REREREREZmZmZmZmCABFAAIcladAAL0RCvkKAAABjgTMb7UbAbsCCB1KEXsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -895,12 +777,12 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348805827,"flow_src_last_pkt_time":946739348805827,"flow_dst_last_pkt_time":946739348805827,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739348805827,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_src_last_pkt_time":946739348805827,"flow_dst_last_pkt_time":946739348805827,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739348805827,"pkt":"REREREREZmZmZmZmCABFAAXclaggAL0RJzgKAAABjgTMb99cAbsGBKBJEX4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348805827,"flow_src_last_pkt_time":946739348805827,"flow_dst_last_pkt_time":946739348805827,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739348805827,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":446,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739348805843}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739348805843,"packet_id":446,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739348805843}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":446,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739348805827,"pkt":"REREREREZmZmZmZmCABFAABQlagAub0RTAsKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348805857,"flow_src_last_pkt_time":946739348805857,"flow_dst_last_pkt_time":946739348805857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739348805857,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_src_last_pkt_time":946739348805857,"flow_dst_last_pkt_time":946739348805857,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739348805857,"pkt":"REREREREZmZmZmZmCABFAAXclakgAL0RJzcKAAABjgTMb7oFAbsGBMWkEXoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348805857,"flow_src_last_pkt_time":946739348805857,"flow_dst_last_pkt_time":946739348805857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739348805857,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":448,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739348805876}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739348805876,"packet_id":448,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739348805876}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":448,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739348805857,"pkt":"REREREREZmZmZmZmCABFAABQlakAub0RTAoKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_src_last_pkt_time":946739348805774,"flow_dst_last_pkt_time":946739348912043,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":946739348912043,"pkt":"ZmZmZmZmRERERERECABFAADWoIMAADQRymOOBMxvCgAAAQG7o6cAwiYzEX2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_src_last_pkt_time":946739348805763,"flow_dst_last_pkt_time":946739348913796,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":946739348913796,"pkt":"ZmZmZmZmRERERERECABFAADWoIUAADQRymGOBMxvCgAAAQG751gAwuKCEXyBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
@@ -923,7 +805,7 @@
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380804529,"flow_src_last_pkt_time":946739380804529,"flow_dst_last_pkt_time":946739380804529,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739380804529,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01203{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_src_last_pkt_time":946739380804529,"flow_dst_last_pkt_time":946739380804529,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739380804529,"pkt":"REREREREZmZmZmZmCABFAAIc\/YdAAH4Rg9QKAAAB1C\/kiMtYAbsCCHuObeIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00882{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380804529,"flow_src_last_pkt_time":946739380804529,"flow_dst_last_pkt_time":946739380804529,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739380804529,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":458,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739380804545}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739380804545,"packet_id":458,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739380804545}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":458,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739380804529,"pkt":"REREREREZmZmZmZmCABFAABQIEwAuX4RoiMKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380805007,"flow_src_last_pkt_time":946739380805007,"flow_dst_last_pkt_time":946739380805007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739380805007,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01203{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_src_last_pkt_time":946739380805007,"flow_dst_last_pkt_time":946739380805007,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739380805007,"pkt":"REREREREZmZmZmZmCABFAAIc\/YhAAH4Rg9MKAAAB1C\/kiJ9HAbsCCHuObeABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -931,12 +813,12 @@
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380805259,"flow_src_last_pkt_time":946739380805259,"flow_dst_last_pkt_time":946739380805259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739380805259,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_src_last_pkt_time":946739380805259,"flow_dst_last_pkt_time":946739380805259,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739380805259,"pkt":"REREREREZmZmZmZmCABFAAXc\/YkgAH4RoBIKAAAB1C\/kiNwPAbsGBMhCbeEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380805259,"flow_src_last_pkt_time":946739380805259,"flow_dst_last_pkt_time":946739380805259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739380805259,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":461,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739380805278}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739380805278,"packet_id":461,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739380805278}
00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":461,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739380805259,"pkt":"REREREREZmZmZmZmCABFAABQ\/YkAuX4RxOUKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380805613,"flow_src_last_pkt_time":946739380805613,"flow_dst_last_pkt_time":946739380805613,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739380805613,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_src_last_pkt_time":946739380805613,"flow_dst_last_pkt_time":946739380805613,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739380805613,"pkt":"REREREREZmZmZmZmCABFAAXc\/YogAH4RoBEKAAAB1C\/kiO3VAbsGBLZ+bd8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380805613,"flow_src_last_pkt_time":946739380805613,"flow_dst_last_pkt_time":946739380805613,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739380805613,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":463,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739380805632}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739380805632,"packet_id":463,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739380805632}
00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":463,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739380805613,"pkt":"REREREREZmZmZmZmCABFAABQ\/YoAuX4RxOQKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":2,"flow_src_last_pkt_time":946739380804527,"flow_dst_last_pkt_time":946739380832369,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":946739380832369,"pkt":"ZmZmZmZmRERERERECABFAADWpUBAADIRKWLUL+SICgAAAQG7leMAwtNqbd6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAAGnqbCRK7WvFnA0fqnvTaP0TkhGLYlM337fP\/M0VQi0o3wTy7gpqyMQZFkjfrWn031Ofm4JJLwM1X8FbNxmrQCWUcFQ8RQkVXWSFLecisgk5xXaKVbLy2ZX6VNRztvrCJZRwVDxFCRVAAAAAV9ToghfVPOI"}
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_src_last_pkt_time":946739380804527,"flow_dst_last_pkt_time":946739380834573,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":946739380834573,"pkt":"ZmZmZmZmRERERERECABFAADWpUJAADIRKWDUL+SICgAAAQG7hbQAwuOabd2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAAGnqbCRK7WvFnA0fqnvTaP0TkhGLYlM337fP\/M0VQi0o3wTy7gpqyMQZFkjfrWn031Ofm4JJLwM1X8FbNxmrQCWUcFQ8RQkVXWSFLecisgk5xXaKVbLy2ZX6VNRztvrCJZRwVDxFCRVAAAAAV9ToghfVPOI"}
@@ -956,7 +838,7 @@
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380984007,"flow_src_last_pkt_time":946739380984007,"flow_dst_last_pkt_time":946739380984007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739380984007,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":946739380984007,"flow_dst_last_pkt_time":946739380984007,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739380984007,"pkt":"REREREREZmZmZmZmCABFAAXcVMcgAH4RTqIKAAABVQVd5t8CIPsGBKCC4+8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380984007,"flow_src_last_pkt_time":946739380984007,"flow_dst_last_pkt_time":946739380984007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739380984007,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":474,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739380984034}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739380984034,"packet_id":474,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739380984034}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":474,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739380984007,"pkt":"REREREREZmZmZmZmCABFAABQVMcAuX4Rc3UKAAABVQVd5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380984041,"flow_src_last_pkt_time":946739380984041,"flow_dst_last_pkt_time":946739380984041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739380984041,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_src_last_pkt_time":946739380984041,"flow_dst_last_pkt_time":946739380984041,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739380984041,"pkt":"REREREREZmZmZmZmCABFAAXcVMkgAH4RTqAKAAABVQVd5spyIPsGBLUQ4\/EBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -964,9 +846,9 @@
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380984041,"flow_src_last_pkt_time":946739380984041,"flow_dst_last_pkt_time":946739380984041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739380984041,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_src_last_pkt_time":946739380984041,"flow_dst_last_pkt_time":946739380984041,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739380984041,"pkt":"REREREREZmZmZmZmCABFAAXcVMggAH4RTqEKAAABVQVd5plbIPsGBOYr4+0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380984041,"flow_src_last_pkt_time":946739380984041,"flow_dst_last_pkt_time":946739380984041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739380984041,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":477,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739380984057}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739380984057,"packet_id":477,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739380984057}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":477,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739380984041,"pkt":"REREREREZmZmZmZmCABFAABQVMgAuX4Rc3QKAAABVQVd5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":478,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739380984062}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739380984062,"packet_id":478,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739380984062}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":478,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739380984041,"pkt":"REREREREZmZmZmZmCABFAABQVMkAuX4Rc3MKAAABVQVd5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":2,"flow_src_last_pkt_time":946739380983957,"flow_dst_last_pkt_time":946739381015839,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_usec":946739381015839,"pkt":"ZmZmZmZmRERERERECABFAADPeUtAADQRWStVBV3mCgAAASD7tjYAu6OI4+6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAQmF4jrNkSB0NiNqctWCLsz9Hoe15aS6mrwyMq15DMDKxowa47TLEyU+dCwefDt3RvbYdetUltVlZd+8gb8kmCcgRT\/L7wkmA5gU0xv13eDWtHcb4jTpxlTH+X73K1n94yBFP8vvCSYAAAAABX1Nm5l9UuGY="}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_src_last_pkt_time":946739380983948,"flow_dst_last_pkt_time":946739381016027,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_usec":946739381016027,"pkt":"ZmZmZmZmRERERERECABFAADPeUlAADQRWS1VBV3mCgAAASD75kQAu3N24\/KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAQmF4jrNkSB0NiNqctWCLsz9Hoe15aS6mrwyMq15DMDKxowa47TLEyU+dCwefDt3RvbYdetUltVlZd+8gb8kmCcgRT\/L7wkmA5gU0xv13eDWtHcb4jTpxlTH+X73K1n94yBFP8vvCSYAAAAABX1Nm5l9UuGY="}
@@ -1127,12 +1009,12 @@
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739391046811,"flow_src_last_pkt_time":946739391046811,"flow_dst_last_pkt_time":946739391046811,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739391046811,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":946739391046811,"flow_dst_last_pkt_time":946739391046811,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739391046811,"pkt":"REREREREZmZmZmZmCABFAAXcBYcgAH4R5yEKAAABi2PeSMk1IPsGBMVRmlYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739391046811,"flow_src_last_pkt_time":946739391046811,"flow_dst_last_pkt_time":946739391046811,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739391046811,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":488,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739391046819}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739391046819,"packet_id":488,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739391046819}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":488,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739391046811,"pkt":"REREREREZmZmZmZmCABFAABQBYYAuX4RC\/YKAAABi2PeSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739391046818,"flow_src_last_pkt_time":946739391046818,"flow_dst_last_pkt_time":946739391046818,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739391046818,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_src_last_pkt_time":946739391046818,"flow_dst_last_pkt_time":946739391046818,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739391046818,"pkt":"REREREREZmZmZmZmCABFAAIcBYhAAH4RyuAKAAABi2PeSLJyIPsCCCyCmlcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00882{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739391046818,"flow_src_last_pkt_time":946739391046818,"flow_dst_last_pkt_time":946739391046818,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739391046818,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":490,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739391046826}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739391046826,"packet_id":490,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739391046826}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":490,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739391046818,"pkt":"REREREREZmZmZmZmCABFAABQBYcAuX4RC\/UKAAABi2PeSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739391046859,"flow_src_last_pkt_time":946739391046859,"flow_dst_last_pkt_time":946739391046859,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739391046859,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_src_last_pkt_time":946739391046859,"flow_dst_last_pkt_time":946739391046859,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739391046859,"pkt":"REREREREZmZmZmZmCABFAAIcBYlAAH4Ryt8KAAABi2PeSOgIIPsCCCyCmlUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -1140,7 +1022,7 @@
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739391046881,"flow_src_last_pkt_time":946739391046881,"flow_dst_last_pkt_time":946739391046881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739391046881,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_src_last_pkt_time":946739391046881,"flow_dst_last_pkt_time":946739391046881,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739391046881,"pkt":"REREREREZmZmZmZmCABFAAXcBYogAH4R5x4KAAABi2PeSMKEIPsGBMwAmlgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739391046881,"flow_src_last_pkt_time":946739391046881,"flow_dst_last_pkt_time":946739391046881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739391046881,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":493,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739391046903}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739391046903,"packet_id":493,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739391046903}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":493,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739391046881,"pkt":"REREREREZmZmZmZmCABFAABQBYoAuX4RC\/IKAAABi2PeSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_src_last_pkt_time":946739391046818,"flow_dst_last_pkt_time":946739391306378,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":946739391306378,"pkt":"ZmZmZmZmRERERERECABFAADSWtFAACoRyuGLY95ICgAAASD7snIAvm5FmleBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAAR0hTbelwStbUvrsyN4TMcjd6ciaJLWS\/+lAjdb\/qhY\/GqLYEoO6rv\/+JZlrPe5rwefrjN2pIualeqx6XQ1AD9Zj2kPVDPuO2VaFeIl38Qe5+u3sSCCBiqzaCgrP\/G5+1mPaQ9UM+44AAAABX1NQIl9UoaI="}
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_src_last_pkt_time":946739391046803,"flow_dst_last_pkt_time":946739391308620,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":946739391308620,"pkt":"ZmZmZmZmRERERERECABFAADSWtNAACoRyt+LY95ICgAAASD7xakAvlsMmlmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAAR0hTbelwStbUvrsyN4TMcjd6ciaJLWS\/+lAjdb\/qhY\/GqLYEoO6rv\/+JZlrPe5rwefrjN2pIualeqx6XQ1AD9Zj2kPVDPuO2VaFeIl38Qe5+u3sSCCBiqzaCgrP\/G5+1mPaQ9UM+44AAAABX1NQIl9UoaI="}
@@ -1151,12 +1033,12 @@
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396047802,"flow_src_last_pkt_time":946739396047802,"flow_dst_last_pkt_time":946739396047802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396047802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_src_last_pkt_time":946739396047802,"flow_dst_last_pkt_time":946739396047802,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739396047802,"pkt":"REREREREZmZmZmZmCABFAAXclEMgAH4RxtIKAAABkFtq46CUAbsGBGABZlsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396047802,"flow_src_last_pkt_time":946739396047802,"flow_dst_last_pkt_time":946739396047802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396047802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":499,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396047813}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739396047813,"packet_id":499,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396047813}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":499,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739396047802,"pkt":"REREREREZmZmZmZmCABFAABQlEMAuX4R66UKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396047817,"flow_src_last_pkt_time":946739396047817,"flow_dst_last_pkt_time":946739396047817,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396047817,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_src_last_pkt_time":946739396047817,"flow_dst_last_pkt_time":946739396047817,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739396047817,"pkt":"REREREREZmZmZmZmCABFAAXclEQgAH4RxtEKAAABkFtq47xtAbsGBEQqZlkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396047817,"flow_src_last_pkt_time":946739396047817,"flow_dst_last_pkt_time":946739396047817,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396047817,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":501,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396047828}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739396047828,"packet_id":501,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396047828}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":501,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739396047817,"pkt":"REREREREZmZmZmZmCABFAABQlEQAuX4R66QKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396047867,"flow_src_last_pkt_time":946739396047867,"flow_dst_last_pkt_time":946739396047867,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396047867,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_src_last_pkt_time":946739396047867,"flow_dst_last_pkt_time":946739396047867,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739396047867,"pkt":"REREREREZmZmZmZmCABFAAIclEVAAH4RqpAKAAABkFtq49QhAbsCCL4UZloBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -1167,7 +1049,7 @@
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396047885,"flow_src_last_pkt_time":946739396047885,"flow_dst_last_pkt_time":946739396047885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396047885,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_src_last_pkt_time":946739396047885,"flow_dst_last_pkt_time":946739396047885,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739396047885,"pkt":"REREREREZmZmZmZmCABFAAXclEcgAH4Rxs4KAAABkFtq49O8AbsGBCzXZl0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396047885,"flow_src_last_pkt_time":946739396047885,"flow_dst_last_pkt_time":946739396047885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396047885,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":505,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396047896}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739396047896,"packet_id":505,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396047896}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":505,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739396047885,"pkt":"REREREREZmZmZmZmCABFAABQlEcAuX4R66EKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":2,"flow_src_last_pkt_time":946739396047802,"flow_dst_last_pkt_time":946739396069636,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":946739396069636,"pkt":"ZmZmZmZmRERERERECABFAADTkQZAADcR9hiQW2rjCgAAAQG7oJQAvzbjZluBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAALkTa3PmYOnbKVsenPA+dUbqb7bPdeethm+r51VaewMcP0sfe1RtTAHcc8Uvs8bFQylZgA4Na3Yk4xgl2KWmKw4bPctGhBgarq2J2ya3ifLfvYsxbqqez8iaBEin48TCXxs9y0aEGBquAAAAAV9TgfdfVNN3"}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396070457,"flow_src_last_pkt_time":946739396070457,"flow_dst_last_pkt_time":946739396070457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396070457,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1179,9 +1061,9 @@
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396070525,"flow_src_last_pkt_time":946739396070525,"flow_dst_last_pkt_time":946739396070525,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396070525,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_src_last_pkt_time":946739396070525,"flow_dst_last_pkt_time":946739396070525,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739396070525,"pkt":"REREREREZmZmZmZmCABFAAXcSFogAH4RFuAKAAABLuPIN4HeIPsGBEfaFc4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396070525,"flow_src_last_pkt_time":946739396070525,"flow_dst_last_pkt_time":946739396070525,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396070525,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":510,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396070529}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739396070529,"packet_id":510,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396070529}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":510,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739396070525,"pkt":"REREREREZmZmZmZmCABFAABQSFkAuX4RO7QKAAABLuPINwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":511,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396070534}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739396070534,"packet_id":511,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396070534}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":511,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739396070525,"pkt":"REREREREZmZmZmZmCABFAABQSFoAuX4RO7MKAAABLuPINwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396070539,"flow_src_last_pkt_time":946739396070539,"flow_dst_last_pkt_time":946739396070539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396070539,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_src_last_pkt_time":946739396070539,"flow_dst_last_pkt_time":946739396070539,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739396070539,"pkt":"REREREREZmZmZmZmCABFAAIcSFtAAH4R+p4KAAABLuPIN8RlIPsCCLnwFdEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -1189,7 +1071,7 @@
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396070548,"flow_src_last_pkt_time":946739396070548,"flow_dst_last_pkt_time":946739396070548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396070548,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_src_last_pkt_time":946739396070548,"flow_dst_last_pkt_time":946739396070548,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739396070548,"pkt":"REREREREZmZmZmZmCABFAAXcSFwgAH4RFt4KAAABLuPIN6yBIPsGBB0zFdIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00885{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396070548,"flow_src_last_pkt_time":946739396070548,"flow_dst_last_pkt_time":946739396070548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396070548,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":514,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396070559}
00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739396070559,"packet_id":514,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396070559}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":514,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739396070548,"pkt":"REREREREZmZmZmZmCABFAABQSFwAuX4RO7EKAAABLuPINwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396070559,"flow_src_last_pkt_time":946739396070559,"flow_dst_last_pkt_time":946739396070559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396070559,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_src_last_pkt_time":946739396070559,"flow_dst_last_pkt_time":946739396070559,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739396070559,"pkt":"REREREREZmZmZmZmCABFAAIcSF1AAH4R+pwKAAABLuPIN8AZIPsCCLnwFc8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -1210,7 +1092,7 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111010,"flow_src_last_pkt_time":946739396111010,"flow_dst_last_pkt_time":946739396111010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111010,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_src_last_pkt_time":946739396111010,"flow_dst_last_pkt_time":946739396111010,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739396111010,"pkt":"REREREREZmZmZmZmCABFAAXcKekgAH4Rh58KAAABa6o5IteRAbsGBOOGsy4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111010,"flow_src_last_pkt_time":946739396111010,"flow_dst_last_pkt_time":946739396111010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111010,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":528,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396111023}
00328{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739396111023,"packet_id":528,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396111023}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":528,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739396111010,"pkt":"REREREREZmZmZmZmCABFAABQKekAuX4RrHIKAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111084,"flow_src_last_pkt_time":946739396111084,"flow_dst_last_pkt_time":946739396111084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111084,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_src_last_pkt_time":946739396111084,"flow_dst_last_pkt_time":946739396111084,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739396111084,"pkt":"REREREREZmZmZmZmCABFAAIcKepAAH4Ra14KAAABa6o5Io3vAbsCCGeisy8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -1224,9 +1106,9 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111164,"flow_src_last_pkt_time":946739396111164,"flow_dst_last_pkt_time":946739396111164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111164,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_src_last_pkt_time":946739396111164,"flow_dst_last_pkt_time":946739396111164,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739396111164,"pkt":"REREREREZmZmZmZmCABFAAXcKe0gAH4Rh5sKAAABa6o5IqSdAbsGBBZ5szABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111164,"flow_src_last_pkt_time":946739396111164,"flow_dst_last_pkt_time":946739396111164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111164,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":533,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396111169}
00328{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739396111169,"packet_id":533,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396111169}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":533,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739396111164,"pkt":"REREREREZmZmZmZmCABFAABQKewAuX4RrG8KAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":534,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396111181}
00328{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739396111181,"packet_id":534,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396111181}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":534,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739396111164,"pkt":"REREREREZmZmZmZmCABFAABQKe0AuX4RrG4KAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":2,"flow_src_last_pkt_time":946739396070559,"flow_dst_last_pkt_time":946739396113592,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":946739396113592,"pkt":"ZmZmZmZmRERERERECABFAADWzDBAADcRvw8u48g3CgAAASD7wBkAwtmiFc+AAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":2,"flow_src_last_pkt_time":946739396111009,"flow_dst_last_pkt_time":946739396210662,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_usec":946739396210662,"pkt":"ZmZmZmZmRERERERECABFAADcvzUAADQRYVNrqjkiCgAAAQG71GcAyMwVszGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAI\/a1gzqXBRkeMMNLdByUsrCAeXq9pAoSIZvWZO078wHKN5t9zokYno4cH1X8DUwDBTmKYZNXI496f2ZPTyfGw7EiDsrhQ4a28OXE48fibQ4VcAHxN0Yn+p8BQ7Bz9i\/KcWIOyuFDhrbX1Oowl9TqMJfVPpC"}
@@ -1247,7 +1129,7 @@
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400460524,"flow_src_last_pkt_time":946739400460524,"flow_dst_last_pkt_time":946739400460524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739400460524,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_src_last_pkt_time":946739400460524,"flow_dst_last_pkt_time":946739400460524,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739400460524,"pkt":"REREREREZmZmZmZmCABFAAXcPTYgAH4R32gKAAABucF\/9NaIAbsGBKQ8\/IwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00886{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400460524,"flow_src_last_pkt_time":946739400460524,"flow_dst_last_pkt_time":946739400460524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739400460524,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":546,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739400460543}
00328{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739400460543,"packet_id":546,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739400460543}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":546,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739400460524,"pkt":"REREREREZmZmZmZmCABFAABQPTYAuX4RBDwKAAABucF\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400460550,"flow_src_last_pkt_time":946739400460550,"flow_dst_last_pkt_time":946739400460550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739400460550,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_src_last_pkt_time":946739400460550,"flow_dst_last_pkt_time":946739400460550,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739400460550,"pkt":"REREREREZmZmZmZmCABFAAXcPTggAH4R32YKAAABucF\/9LTqAbsGBMXY\/I4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -1255,9 +1137,9 @@
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400460551,"flow_src_last_pkt_time":946739400460551,"flow_dst_last_pkt_time":946739400460551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739400460551,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_src_last_pkt_time":946739400460551,"flow_dst_last_pkt_time":946739400460551,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739400460551,"pkt":"REREREREZmZmZmZmCABFAAXcPTcgAH4R32cKAAABucF\/9LtjAbsGBL9j\/IoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00886{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400460551,"flow_src_last_pkt_time":946739400460551,"flow_dst_last_pkt_time":946739400460551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739400460551,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":549,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739400460564}
00328{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739400460564,"packet_id":549,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739400460564}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":549,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739400460551,"pkt":"REREREREZmZmZmZmCABFAABQPTcAuX4RBDsKAAABucF\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":550,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739400460566}
00328{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739400460566,"packet_id":550,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739400460566}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":550,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739400460551,"pkt":"REREREREZmZmZmZmCABFAABQPTgAuX4RBDoKAAABucF\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":2,"flow_src_last_pkt_time":946739400460375,"flow_dst_last_pkt_time":946739400518584,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":946739400518584,"pkt":"ZmZmZmZmRERERERECABFAADQoahAADYRqAK5wX\/0CgAAAQG73pwAvLKe\/I+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANT+QyCeqOpvY3ek9vOTVGrWy3oc27D9SS491oCJRe7RQWKb3q0aPb33Ziq0RP9PPCzRMBy1lW3l6rz74jWgmwszJtIbCS+4i64Fme9c0vB4hxz+sKp41i8d9KRbhVFMbjMm0hsJL7iLAAAAAV9TV8BfVKlA"}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":2,"flow_src_last_pkt_time":946739400460415,"flow_dst_last_pkt_time":946739400519484,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":946739400519484,"pkt":"ZmZmZmZmRERERERECABFAADQoapAADYRqAC5wX\/0CgAAAQG759oAvKli\/I2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANT+QyCeqOpvY3ek9vOTVGrWy3oc27D9SS491oCJRe7RQWKb3q0aPb33Ziq0RP9PPCzRMBy1lW3l6rz74jWgmwszJtIbCS+4i64Fme9c0vB4hxz+sKp41i8d9KRbhVFMbjMm0hsJL7iLAAAAAV9TV8BfVKlA"}
@@ -1276,18 +1158,14 @@
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400522601,"flow_src_last_pkt_time":946739400522601,"flow_dst_last_pkt_time":946739400522601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739400522601,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_src_last_pkt_time":946739400522601,"flow_dst_last_pkt_time":946739400522601,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739400522601,"pkt":"REREREREZmZmZmZmCABFAAIcaQtAAH4RLt4KAAABTUJU6cJEAbsCCGUBspwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400522601,"flow_src_last_pkt_time":946739400522601,"flow_dst_last_pkt_time":946739400522601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739400522601,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":560,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739400522616}
00328{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739400522616,"packet_id":560,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739400522616}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":560,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739400522601,"pkt":"REREREREZmZmZmZmCABFAABQaQoAuX4Rb\/IKAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400522616,"flow_src_last_pkt_time":946739400522616,"flow_dst_last_pkt_time":946739400522616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739400522616,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_src_last_pkt_time":946739400522616,"flow_dst_last_pkt_time":946739400522616,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739400522616,"pkt":"REREREREZmZmZmZmCABFAAXcaQwgAH4RSx0KAAABTUJU6cZFAbsGBGDUspsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400522616,"flow_src_last_pkt_time":946739400522616,"flow_dst_last_pkt_time":946739400522616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739400522616,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":562,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739400522632}
00424{"packet_event_id":1,"packet_event_name":"packet","packet_id":562,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739400522616,"pkt":"REREREREZmZmZmZmCABFAABQaQwAuX4Rb\/AKAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400522705,"flow_src_last_pkt_time":946739400522705,"flow_dst_last_pkt_time":946739400522705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739400522705,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_src_last_pkt_time":946739400522705,"flow_dst_last_pkt_time":946739400522705,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739400522705,"pkt":"REREREREZmZmZmZmCABFAAXcaQ0gAH4RSxwKAAABTUJU6d8VAbsGBEgCsp0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400522705,"flow_src_last_pkt_time":946739400522705,"flow_dst_last_pkt_time":946739400522705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739400522705,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":564,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739400522721}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":564,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739400522705,"pkt":"REREREREZmZmZmZmCABFAABQaQ0AuX4Rb+8KAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":2,"flow_src_last_pkt_time":946739400460550,"flow_dst_last_pkt_time":946739400522927,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":946739400522927,"pkt":"ZmZmZmZmRERERERECABFAADQoa1AADYRp\/25wX\/0CgAAAQG7tOoAvNxR\/I6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANT+QyCeqOpvY3ek9vOTVGrWy3oc27D9SS491oCJRe7RQWKb3q0aPb33Ziq0RP9PPCzRMBy1lW3l6rz74jWgmwszJtIbCS+4i64Fme9c0vB4hxz+sKp41i8d9KRbhVFMbjMm0hsJL7iLAAAAAV9TV8BfVKlA"}
00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":2,"flow_src_last_pkt_time":946739400522566,"flow_dst_last_pkt_time":946739400550382,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_usec":946739400550382,"pkt":"ZmZmZmZmRERERERECABFAADcDmgAADYREsJNQlTpCgAAAQG7tDwAyK7NspqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAHTELXM+13EPB+IE+zJ9PQOXdJ7IKBJfAx72Wd7gihP8hRGtsF77cDm0yhz652JqAFc0tI+h6KATFWPKnD7HPQCiR1MNmirJFbpEf5fuBV5xkfCiHCm163IIgp4yvCcsa6NHUw2aKskVX1OfeV9Tn3lfVPD5"}
00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":2,"flow_src_last_pkt_time":946739400522562,"flow_dst_last_pkt_time":946739400550417,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_usec":946739400550417,"pkt":"ZmZmZmZmRERERERECABFAADcDmcAADYREsNNQlTpCgAAAQG7waAAyKFlsp6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAHTELXM+13EPB+IE+zJ9PQOXdJ7IKBJfAx72Wd7gihP8hRGtsF77cDm0yhz652JqAFc0tI+h6KATFWPKnD7HPQCiR1MNmirJFbpEf5fuBV5xkfCiHCm163IIgp4yvCcsa6NHUw2aKskVX1OfeV9Tn3lfVPD5"}
@@ -1346,15 +1224,9 @@
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739402188042,"flow_src_last_pkt_time":946739402188042,"flow_dst_last_pkt_time":946739402188042,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739402188042,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_src_last_pkt_time":946739402188042,"flow_dst_last_pkt_time":946739402188042,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739402188042,"pkt":"REREREREZmZmZmZmCABFAAXc1vUgAH4RHSMKAAABF29KzYToAbsGBA8bS8IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739402188042,"flow_src_last_pkt_time":946739402188042,"flow_dst_last_pkt_time":946739402188042,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739402188042,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":577,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739402188057}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":577,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739402188042,"pkt":"REREREREZmZmZmZmCABFAABQ1vYAuX4RQfUKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":578,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739402188062}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":578,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739402188042,"pkt":"REREREREZmZmZmZmCABFAABQ1vUAuX4RQfYKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739402188092,"flow_src_last_pkt_time":946739402188092,"flow_dst_last_pkt_time":946739402188092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739402188092,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_src_last_pkt_time":946739402188092,"flow_dst_last_pkt_time":946739402188092,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739402188092,"pkt":"REREREREZmZmZmZmCABFAAXc1vcgAH4RHSEKAAABF29KzerRAbsGBKkvS8QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739402188092,"flow_src_last_pkt_time":946739402188092,"flow_dst_last_pkt_time":946739402188092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739402188092,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00228{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":580,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739402188109}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":580,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739402188092,"pkt":"REREREREZmZmZmZmCABFAABQ1vcAuX4RQfQKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_src_last_pkt_time":946739402187997,"flow_dst_last_pkt_time":946739402352103,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739402352103,"pkt":"ZmZmZmZmRERERERECABFAADUpqhAADURe3gXb0rNCgAAAQG76MMAwNUkS8OBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADFMi1FdTWI6xs9AIHJqo\/A+wDfjlj3WkVYnoIQAvOP3ISfoMelOBqvsYElaECIkBkM1KRmWo7IwtwzQE5GK6ICxIfEdneiwuXVbSuJIibtWiAHFQr52HeEOQNDYtX2pkLEh8R2d6LC5QAAAAFfU1VGX1Smxg=="}
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":2,"flow_src_last_pkt_time":946739402188014,"flow_dst_last_pkt_time":946739402354461,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739402354461,"pkt":"ZmZmZmZmRERERERECABFAADUpqpAADURe3YXb0rNCgAAAQG7rvkAwA7rS8eBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADFMi1FdTWI6xs9AIHJqo\/A+wDfjlj3WkVYnoIQAvOP3ISfoMelOBqvsYElaECIkBkM1KRmWo7IwtwzQE5GK6ICxIfEdneiwuXVbSuJIibtWiAHFQr52HeEOQNDYtX2pkLEh8R2d6LC5QAAAAFfU1VGX1Smxg=="}
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_src_last_pkt_time":946739402188041,"flow_dst_last_pkt_time":946739402354516,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739402354516,"pkt":"ZmZmZmZmRERERERECABFAADUpqtAADURe3UXb0rNCgAAAQG7zzUAwO6vS8aBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADFMi1FdTWI6xs9AIHJqo\/A+wDfjlj3WkVYnoIQAvOP3ISfoMelOBqvsYElaECIkBkM1KRmWo7IwtwzQE5GK6ICxIfEdneiwuXVbSuJIibtWiAHFQr52HeEOQNDYtX2pkLEh8R2d6LC5QAAAAFfU1VGX1Smxg=="}
@@ -1658,7 +1530,7 @@
00925{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739614386871,"flow_src_last_pkt_time":946739614386871,"flow_dst_last_pkt_time":946739614411248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":946739861499384,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739660371388,"flow_src_last_pkt_time":946739660371388,"flow_dst_last_pkt_time":946739660417793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":384,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":384,"midstream":0,"thread_ts_usec":946739861499384,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00922{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739861286767,"flow_src_last_pkt_time":946739861286767,"flow_dst_last_pkt_time":946739861499384,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":946739861499384,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00596{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","packets-captured":608,"packets-processed":488,"total-skipped-flows":0,"total-l4-payload-len":289066,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":245,"total-detection-updates":0,"total-updates":200,"current-active-flows":0,"total-active-flows":245,"total-idle-flows":245,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1661,"global_ts_usec":946739861499384}
00596{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","packets-captured":608,"packets-processed":488,"total-skipped-flows":0,"total-l4-payload-len":289066,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":245,"total-detection-updates":0,"total-updates":200,"current-active-flows":0,"total-active-flows":245,"total-idle-flows":245,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1533,"global_ts_usec":946739861499384}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 608/488
~~ skipped flows.............: 0
@@ -1671,6 +1543,6 @@
~~ total memory freed........: 6479369 bytes
~~ total allocations/frees...: 124660/124660
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 231 chars
~~ json string min len.......: 330 chars
~~ json string max len.......: 2491 chars
~~ json string avg len.......: 1361 chars
~~ json string avg len.......: 1410 chars


@@ -1,20 +1,20 @@
00501{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1576409796586005}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586005}
00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409796586005,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586005}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586078}
00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409796586078,"packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586078}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgAA=="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586103}
00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409796586103,"packet_id":3,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586103}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAABwAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAA=="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796605834}
00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409796605834,"packet_id":4,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796605834}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACgAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgIA=="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409797075407}
00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409797075407,"packet_id":5,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409797075407}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409797075462}
00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409797075462,"packet_id":6,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409797075462}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgAA=="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409797075487}
00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409797075487,"packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409797075487}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAABwAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAA=="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409797101878}
00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409797101878,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409797101878}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACgAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgIA=="}
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409797553896,"flow_src_last_pkt_time":1576409797553896,"flow_dst_last_pkt_time":1576409797553896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409797553896,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1576409797553896,"flow_dst_last_pkt_time":1576409797553896,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1576409797553896,"pkt":"AFBW6YlWAFBWM3ieCABFAABgBwAAAIAR07fAqO+BwKjvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
@@ -24,330 +24,84 @@
00734{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409798047534,"flow_src_last_pkt_time":1576409798047534,"flow_dst_last_pkt_time":1576409798047534,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409798047534,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1576409798047534,"flow_dst_last_pkt_time":1576409798047534,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":8,"thread_ts_usec":1576409798047534,"pkt":"AQBeAAACAFBWM3ieCABFAAAcCwAAAIABn7TAqO+B4AAAAgoA9f8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00840{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409798047534,"flow_src_last_pkt_time":1576409798047534,"flow_dst_last_pkt_time":1576409798047534,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409798047534,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409798642006}
00299{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409798642006,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409798642006}
00370{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409798047534,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409799428975}
00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409799428975,"packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409799428975}
00370{"packet_event_id":1,"packet_event_name":"packet","packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409799059459,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409800348591}
00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409800348591,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409800348591}
00370{"packet_event_id":1,"packet_event_name":"packet","packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409799059459,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543745,"flow_src_last_pkt_time":1576409800543745,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409800543745,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1576409800543745,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1576409800543745,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEAAAAIARybrAqO+BwKjv\/wCJAIkATAq6AAQpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00900{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543745,"flow_src_last_pkt_time":1576409800543745,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409800543745,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"mdjr98"}}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1576409800544216,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1576409800544216,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEQAAAIARyLrAqO+BwKjv\/wCJAIkATHuvAAIpEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1576409800544288,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1576409800544288,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEgAAAIARx7rAqO+BwKjv\/wCJAIkATA22AAgpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_usec":1576409802223804}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409802223804,"packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_usec":1576409802223804}
00528{"packet_event_id":1,"packet_event_name":"packet","packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_usec":1576409802083383,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409807597015,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409807597015,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1576409807597015,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":1576409807597015,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlJAAAAIARtTXAqO+BwKjv\/wCKAIoA0Qn+EQIADMCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"}
01030{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409807597015,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409807597015,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"mdjr98"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409811132208}
00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409811132208,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409811132208}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409811517809}
00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409811517809,"packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409811517809}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":45,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409811901809}
00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409811901809,"packet_id":45,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409811901809}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":45,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":46,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409812669822}
00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409812669822,"packet_id":46,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409812669822}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":46,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":47,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409813829815}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":47,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":48,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409815308846}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":48,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409817241324}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409819547009}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":51,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409822253028}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":52,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409825334722}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":53,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409828857801}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":53,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":54,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409832716325}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":54,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":55,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409836953806}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":56,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409844797969}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":56,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAgAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":57,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409844798231}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":57,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAgAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":58,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409845301797}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgACo2haC8B0A+lo+\/82xHHoV09SS0dST1VQICAgICAgAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":59,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409845301935}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQAEuP7\/UOih91uNRuQWUOhaVEVTVDEgICAgICAgICAgAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":60,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409845853803}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAgAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":61,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409845853922}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":61,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAgAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_usec":1576409846177854}
00496{"packet_event_id":1,"packet_event_name":"packet","packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1576409851581302,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_usec":1576409851581302,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJQAAAIARtE3AqO+BwKjv\/wCKAIoAuRxGEQIADsCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00881{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409798047534,"flow_src_last_pkt_time":1576409798047534,"flow_dst_last_pkt_time":1576409798047534,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409851581302,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00920{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1576409797553896,"flow_src_last_pkt_time":1576409799059459,"flow_dst_last_pkt_time":1576409797553896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409851581302,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00924{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543745,"flow_src_last_pkt_time":1576409805843525,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409851581302,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_usec":1576409856181279}
00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409856181279,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_usec":1576409856181279}
00496{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_usec":1576409859028684}
00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859028684,"packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_usec":1576409859028684}
00461{"packet_event_id":1,"packet_event_name":"packet","packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiAAQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":66,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409859028855}
00299{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859028855,"packet_id":66,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409859028855}
00370{"packet_event_id":1,"packet_event_name":"packet","packet_id":66,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":67,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409859028943}
00299{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859028943,"packet_id":67,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409859028943}
00370{"packet_event_id":1,"packet_event_name":"packet","packet_id":67,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAC\/w8AMsAP\/vDhcVAAMAFQBURVNUMSAgICAgICAgICAATURKUjk4ICAgICAgICAgIA=="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":68,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_usec":1576409859029055}
00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859029055,"packet_id":68,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_usec":1576409859029055}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":68,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAAPw8H8sAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAg"}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":69,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_usec":1576409859029130}
00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859029130,"packet_id":69,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_usec":1576409859029130}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":69,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAAPw8XNgDAAAAIARzrfAqO+BwKjvAgCJAIkATA7DAAgpAAABAAAAAAABIEVORUVF"}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":70,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859029275}
00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859029275,"packet_id":70,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859029275}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":70,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAATw8AEBAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":71,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859029351}
00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859029351,"packet_id":71,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859029351}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":71,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAATw8QEBDQAAAIARzbfAqO+BwKjvAgCJAIkATHy8AAIpAAABAAAAAAABIEZIRVBG"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":72,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409859029513}
00299{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859029513,"packet_id":72,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409859029513}
00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyABLw8AAADgD\/7xmPygUVAAMAFQP\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAA"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":73,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409859029589}
00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859029589,"packet_id":73,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409859029589}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":73,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieABLw8AADDgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":74,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859029785}
00299{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859029785,"packet_id":74,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859029785}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":74,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAATw8QEDAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAg"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":75,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":160,"global_ts_usec":1576409859029960}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859029960,"packet_id":75,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":160,"global_ts_usec":1576409859029960}
00521{"packet_event_id":1,"packet_event_name":"packet","packet_id":75,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":174,"pkt_type":160,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":174,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAKDw8AICDgD\/7xYEAAAAAAEAFQP\/U01CcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAhAABrAAJQQyBORVRXT1JLIFBST0dSQU0gMS4wAAJNSUNST1NPRlQgTkVUV09SS1MgMy4wAAJET1MgTE0xLjJYMDAyAAJET1MgTEFOTUFOMi4xAAJXaW5kb3dzIGZvciBXb3JrZ3JvdXBzIDMuMWEA"}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":76,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859030036}
00299{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859030036,"packet_id":76,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859030036}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAATw8QEEDwAAAIARy7fAqO+BwKjvAgCJAIkATA7DAAYpAAABAAAAAAABIEVORUVF"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":77,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":87,"global_ts_usec":1576409859030103}
00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859030103,"packet_id":77,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":87,"global_ts_usec":1576409859030103}
00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":77,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":101,"pkt_type":87,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":101,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAFfw8AIEDgD\/7xYMAAABACgAAxX\/U01CcgAAAACAAAAAAAAAAAAAAAAAAAAAAAAyAAAhAA0EAAIAaAsCAAEAAwAVBQOAsmSPT8T\/AAAAAAgAFQUDgAEb9l0="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":78,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859030186}
00299{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859030186,"packet_id":78,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859030186}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAATw8QEEAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":79,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":141,"global_ts_usec":1576409859030361}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859030361,"packet_id":79,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":141,"global_ts_usec":1576409859030361}
00499{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":155,"pkt_type":141,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":155,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAI3w8AQEDgD\/7xYMAAAoAAIAFQP\/U01CcwAAAAAQAAAAAAAAAAAAAAAAAAAAAAAyAQAhAAp1AEcAPgYCAAAAFQUDgAEAAAAAABAAAE1BUlRJTiBST1NFTkFVAAT\/AAAAAAAYACkANLVcqnsYd8yVvD05\/JKBnmi3H4Zsvi3FXFxNREpSOThcVEVTVABBOgA="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":80,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859030433}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":80,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAATw8QEGAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAg"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":81,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":69,"global_ts_usec":1576409859030536}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":83,"pkt_type":69,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":83,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAEXw8AQGDgD\/7xYMAAACACgAAxX\/U01CcwAAAACQAAAAAAAAAAAAAAAAAAAAyAAyAAAhAAN1ACkAAAAAAAL\/AAAAAwBBOgA="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":82,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859030659}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":82,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAATw8QEGAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAg"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":83,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_usec":1576409859030799}
00390{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAD7w8AYGDgD\/7xYMAAAoAAMAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAABhAAEBAAcABEhlbGxvAA=="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":84,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859030872}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAATw8QEIEQAAAIARyLrAqO+BwKjv\/wCJAIkATHuvAAIpEAABAAAAAAABIEZIRVBG"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":85,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_usec":1576409859030925}
00390{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAD7w8AYIDgD\/7xYMAAADACgAAxX\/U01CKwAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAABhAAEBAAcABEhlbGxvAA=="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":86,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859031027}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAATw8QEIAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":87,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409859141343}
00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyABLw8AgJDgD\/7xQAAAAoAAAAFQP\/U01CcwAAAAAQAAAAAAAAAAAAAAAAAAAAAAAy"}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":88,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859141465}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAATw8QELEwAAAIARxrrAqO+BwKjv\/wCJAIkATA22AAYpEAABAAAAAAABIEVORUVF"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":89,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_usec":1576409859529509}
00461{"packet_event_id":1,"packet_event_name":"packet","packet_id":89,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":90,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_usec":1576409860077840}
00461{"packet_event_id":1,"packet_event_name":"packet","packet_id":90,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":91,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_usec":1576409860625807}
00461{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_usec":1576409861175103}
00461{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1576409861597261,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_usec":1576409861597261,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJgAAAIARs03AqO+BwKjv\/wCKAIoAuRxEEQIAEMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_usec":1576409862195835}
00528{"packet_event_id":1,"packet_event_name":"packet","packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_usec":1576409861597261,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQRg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBBABUEVaoA"}
01051{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409861597261,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":555,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409861597261,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_usec":1576409866206390}
00496{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_usec":1576409861597261,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_usec":1576409868734666}
00410{"packet_event_id":1,"packet_event_name":"packet","packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AFBWM3ieAAwp1HmyAEvw8AoIDgD\/7xYEAAAAAAQAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAAIUAAgAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":98,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409868734893}
00378{"packet_event_id":1,"packet_event_name":"packet","packet_id":98,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AAwp1HmyAFBWM3ieADXw8AgMDgD\/7xYMAAAEACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAACBAAAAAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":99,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_usec":1576409868736028}
00390{"packet_event_id":1,"packet_event_name":"packet","packet_id":99,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AFBWM3ieAAwp1HmyAD7w8AwKDgD\/7xYMAAAoAAUAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAAIUAAAABQAEAAUAAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":100,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409868736118}
00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":100,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AAwp1HmyAFBWM3ieADXw8AoODgD\/7xYMAAAFACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAAChAAAAAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":101,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_usec":1576409868736262}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":101,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AFBWM3ieAAwp1HmyAEvw8A4MDgD\/7xYMAAAoAAYAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAAIUABYAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":102,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":144,"global_ts_usec":1576409868736631}
00510{"packet_event_id":1,"packet_event_name":"packet","packet_id":102,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":158,"pkt_type":144,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":158,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AAwp1HmyAFBWM3ieAJDw8AwQDgD\/7xYMAAAGACgAAxX\/U01CgQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADBAAECAFkABVYAgz8\/Pz8\/Pz8\/Pz8\/FgAAAQAAAAAAECpjj08AAAAALgAgICAgICAAAAAAAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAAAAAABAqY49PAAAAAC4uACAgICAgAAAAAAA="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":103,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_usec":1576409868739983}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":103,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AFBWM3ieAAwp1HmyAFPw8BAODgD\/7xYMAAAoAAcAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADhAAIUAAAAGgAEAAUVAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAgwAAAQ=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":104,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409868740173}
00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":104,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AAwp1HmyAFBWM3ieADXw8A4SDgD\/7xYMAAAHACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAADhAAAAAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":105,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409868742285}
00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":105,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AFBWM3ieAAwp1HmyADXw8BIQDgD\/7xYMAAAoAAgAFQP\/U01CgAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAABAQAAAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":106,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":63,"global_ts_usec":1576409868742459}
00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":106,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":77,"pkt_type":63,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":77,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AAwp1HmyAFBWM3ieAD\/w8BAUDgD\/7xYMAAAIACgAAxX\/U01CgAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAABAQVq\/wABAAJ2+AAAAAA="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":107,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409868821798}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":107,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AFBWM3ieAAwp1HmyABLw8BQTDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":108,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409868821909}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":108,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AAwp1HmyAFBWM3ieAATw8QEXHAAAAIARvbrAqO+BwKjv\/wCJAIkATA62AAgoEAABAAAAAAABIEVORUVF"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":110,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":93,"global_ts_usec":1576409872653497}
00435{"packet_event_id":1,"packet_event_name":"packet","packet_id":110,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":107,"pkt_type":93,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":107,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AFBWM3ieAAwp1HmyAF3w8BYSDgD\/7xYEAAAAAAkAFQP\/U01CLQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAQ\/\/AAAABwACABYAIAAeKfZdEgAAAAAAAAAAAAAAAAAKAFxURVNULlRYVAA="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":111,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_usec":1576409872653693}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":111,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieAFPw8BIYDgD\/7xYMAAAJACgAAxX\/U01CLQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAQ\/\/AAAAAAAgAB4p9l0AAAAAAgAAAAAAAgAAAAAAAAAAAA=="}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":112,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":1190,"global_ts_usec":1576409872682866}
01901{"packet_event_id":1,"packet_event_name":"packet","packet_id":112,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1204,"pkt_type":1190,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1204,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AFBWM3ieAAwp1HmyBKbw8BgUDgD\/7xYMAAAoAAoAFQP\/U01CCwAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABBAQUAAGQEAAAAAGQEZwQBZAQNCiBWb2x1bWUgaW4gZHJpdmUgQyBpcyBNU0RPUyAgICAgIA0KIFZvbHVtZSBTZXJpYWwgTnVtYmVyIGlzIDQwMzEtMEZFMA0KIERpcmVjdG9yeSBvZiBDOlwNCg0KQ09NTUFORCAgQ09NICAgICAgICA1NC42NDUgMzEuMDUuOTQgICAgNjoyMg0KV0lORE9XUyAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODozNw0KV0lOQTIwICAgMzg2ICAgICAgICAgOS4zNDkgMzEuMDUuOTQgICAgNjoyMg0KVEVNUCAgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNA0KVE9PTFMgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNQ0KRE9TICAgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNQ0KQVVUT0VYRUMgTkVUICAgICAgICAgICAxNjkgMTMuMTIuMTkgICAgNjo1MA0KTk9WRUxMICAgICAgIDxESVI+ICAgICAgICAgMTQuMTIuMTkgICAyMTozOQ0KTkVUICAgICAgICAgIDxESVI+ICAgICAgICAgMDcuMTAuMTkgICAyMjoxMg0KQ09ORklHICAgV0lOICAgICAgICAgICAyNzggMDcuMTAuMTkgICAyMjoxMw0KQVVUT0VYRUMgV0lOICAgICAgICAgICAyNDEgMDcuMTAuMTkgICAyMjoxMw0KQVVUT0VYRUMgQkFUICAgICAgICAgICAxNjkgMTUuMTIuMTkgICAxMDo0NQ0KQVVUT0VYRUMgT0xEICAgICAgICAgICAyNDEgMDcuMTAuMTkgICAyMjoxMw0KQ09ORklHICAgTkVUICAgICAgICAgICAxMzQgMTMuMTIuMTkgICAgNjo1MA0KQVVUT0VYRUMgTk9WICAgICAgICAgICAzMDkgMTQuMTIuMTkgICAyMTozOQ0KQ09ORklHICAgTk9WICAgICAgICAgICAyODAgMTQuMTIuMTkgICAyMTozOQ0KQ09ORklHICAgT0xEICAgICAgICAgICAyNzggMDcuMTAuMTkgICAyMjoxMw0KTkJJSFcgICAgQ0ZHICAgICAgICAgICAzODggMTUuMTIuMTkgICAxMDoxOA0KQ09ORklHICAgMDAxICAgICAgICAgICAxMzQgMTUuMTIuMTkgICAxMDo0NQ0KQVVUT0VYRUMgMDAxICAgICAgICAgICAxNjkgMTUuMTIuMTkgICAxMDo0NQ0KQ09ORklHICAgU1lTICAgICAgICAgICAxMzQgMTUuMTIuMTkgICAxMDo0NQ0KICAgICAgIDIxIGZpbGUocykgICAgICAgICA2Ni45MTggYnl0ZXMNCiAgICAgICAgICAgICAgICAgICAgIDE1Mi44NTQuNTI4IGJ5dGVzIGZyZWUNCg=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":113,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":55,"global_ts_usec":1576409872683060}
00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":113,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":69,"pkt_type":55,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":69,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieADfw8BQaDgD\/7xYMAAAKACgAAxX\/U01CCwAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABBAQFkBAAA"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":114,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":59,"global_ts_usec":1576409872683183}
00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":114,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":73,"pkt_type":59,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":73,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AFBWM3ieAAwp1HmyADvw8BoWDgD\/7xYMAAAoAAsAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABhAQMAAB4p9l0AAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":115,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409872683292}
00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":115,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieADXw8BYcDgD\/7xYMAAALACgAAxX\/U01CBAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABhAQAAAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":116,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409872793837}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":116,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AFBWM3ieAAwp1HmyABLw8BwYDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":117,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409873117808}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":117,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieAATw8QEeIQAAAIARuLrAqO+BwKjv\/wCJAIkATG2mAAopEAABAAAAAAABIEZIRVBG"}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":118,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_usec":1576409876181879}
00497{"packet_event_id":1,"packet_event_name":"packet","packet_id":118,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":119,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":93,"global_ts_usec":1576409876669832}
00435{"packet_event_id":1,"packet_event_name":"packet","packet_id":119,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":107,"pkt_type":93,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":107,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AFBWM3ieAAwp1HmyAF3w8B4YDgD\/7xYEAAAAAAwAFQP\/U01CLQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAQ\/\/AAAABwAAABYAAAAiKfZdAQAAAAAAAAAAAAAAAAAKAFxURVNULlRYVAA="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":120,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409876669999}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":120,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieAATw8QEgIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":121,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_usec":1576409876670119}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":121,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieAFPw8BggDgD\/7xYMAAAMACgAAxX\/U01CLQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAACBAQ\/\/AAAAAQAgAB4p9l1kBAAAAAAAAAAAAQAAAAAAAAAAAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":122,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":59,"global_ts_usec":1576409876703380}
00391{"packet_event_id":1,"packet_event_name":"packet","packet_id":122,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":73,"pkt_type":59,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":73,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AFBWM3ieAAwp1HmyADvw8CAaDgD\/7xYMAAAoAA0AFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAQMBAP\/\/\/\/8AAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":123,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409876703521}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":123,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieAATw8QEiAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":124,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409876703601}
00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":124,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieADXw8BoiDgD\/7xYMAAANACgAAxX\/U01CBAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAChAQAAAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":125,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409876764250}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":125,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AFBWM3ieAAwp1HmyABLw8CIcDgD\/7xQAAAAoAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":126,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409876771024}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":126,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieAATw8QEkAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":128,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":64,"global_ts_usec":1576409882997566}
00391{"packet_event_id":1,"packet_event_name":"packet","packet_id":128,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":78,"pkt_type":64,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":78,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AFBWM3ieAAwp1HmyAEDw8CQcDgD\/7xYEAAAAAA4AFQP\/U01CEAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAQALAARcVEVTVC5UWFQA"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":129,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409882997752}
00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":129,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AAwp1HmyAFBWM3ieADXw8BwmDgD\/7xYMAAAOACgAAxX\/U01CEAEAAwCAAAAAAAAAAAAAAAAAAAAAyHUFAADBAQAAAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":130,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":66,"global_ts_usec":1576409882997898}
00395{"packet_event_id":1,"packet_event_name":"packet","packet_id":130,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":80,"pkt_type":66,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":80,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AFBWM3ieAAwp1HmyAELw8CYeDgD\/7xYMAAAoAA8AFQP\/U01CBgAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADhAQEAAAsABFxURVNULlRYVAA="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":131,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409882997999}
00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":131,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AAwp1HmyAFBWM3ieADXw8B4oDgD\/7xYMAAAPACgAAxX\/U01CBgAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADhAQAAAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":132,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409883083853}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":132,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AFBWM3ieAAwp1HmyABLw8CggDgD\/7xQAAAAoAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":133,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409883461819}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":133,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AAwp1HmyAFBWM3ieAATw8QEqDgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":134,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_usec":1576409886201847}
00513{"packet_event_id":1,"packet_event_name":"packet","packet_id":134,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAAAAAAAAAAAAAAABNREpSOTgA"}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_usec":1576409888477823}
00513{"packet_event_id":1,"packet_event_name":"packet","packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":136,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409888973798}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":136,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AFBWM3ieAAwp1HmyABLw8CogDgD\/7x8AAAAAAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":137,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409888973922}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":137,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AAwp1HmyAFBWM3ieAATw8QEsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAg"}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":138,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_usec":1576409889485899}
00513{"packet_event_id":1,"packet_event_name":"packet","packet_id":138,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":139,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_usec":1576409890489826}
00513{"packet_event_id":1,"packet_event_name":"packet","packet_id":139,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":140,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_usec":1576409891489903}
00513{"packet_event_id":1,"packet_event_name":"packet","packet_id":140,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":142,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409892489826}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":142,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409891609903,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":143,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409893317826}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":143,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409891609903,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":145,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409894273832}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":145,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409893769840,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":147,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409895177868}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":147,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409894785830,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGABXT1JLR1JPVVAgICAgICAdAQJfX01TQlJPV1NFX18CAQ=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":149,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409895982740}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":149,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409895741945,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGABXT1JLR1JPVVAgICAgICAdAQJfX01TQlJPV1NFX18CAQ=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":151,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409896865840}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":151,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409896749822,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAQJfX01TQlJPV1NFX18CAQ=="}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":152,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_usec":1576409897721870}
00497{"packet_event_id":1,"packet_event_name":"packet","packet_id":152,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_usec":1576409896749822,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":153,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_usec":1576409897722007}
00497{"packet_event_id":1,"packet_event_name":"packet","packet_id":153,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_usec":1576409896749822,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAAABAl9fTVNCUk9XU0VfXwIBTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":155,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_usec":1576409897781873}
00529{"packet_event_id":1,"packet_event_name":"packet","packet_id":155,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_usec":1576409897749849,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UADwXA1AEATURKUjk4AAAAAAAAAAAAAAQAAyBFABUEVaoA"}
00882{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409798047534,"flow_src_last_pkt_time":1576409798047534,"flow_dst_last_pkt_time":1576409798047534,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409897749849,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00921{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1576409797553896,"flow_src_last_pkt_time":1576409897749849,"flow_dst_last_pkt_time":1576409797553896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":612,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409897749849,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00925{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543745,"flow_src_last_pkt_time":1576409805843525,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409897749849,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":60,"global_ts_usec":1576409898877607}
00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":60,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_usec":1576409897749849,"pkt":"AFBWM3ieAAwp1HmyADzw8CwgDgD\/7xYEAAAAABAAFQP\/U01CAAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAABAgAHAARcVEVTVAA="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":157,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409898877844}
00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":157,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409897749849,"pkt":"AAwp1HmyAFBWM3ieADXw8CAuDgD\/7xYMAAAQACgAAxX\/U01CAAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAABAgAAAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":158,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409898941801}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":158,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409897749849,"pkt":"AFBWM3ieAAwp1HmyABLw8C4iDgD\/7xQAAAAoAAAAFQP\/U01CBgAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":160,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409899293810}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":160,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409899251619,"pkt":"AAwp1HmyAFBWM3ieAATw8QEwIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":164,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_usec":1576409903670409}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":164,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AFBWM3ieAAwp1HmyAEvw8DAiDgD\/7xYEAAAAABEAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAgIUAAgAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":165,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409903670550}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":165,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieAATw8QEyAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":166,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409903670651}
00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":166,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieADXw8CIyDgD\/7xYMAAARACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAgAAAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":167,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_usec":1576409903671761}
00391{"packet_event_id":1,"packet_event_name":"packet","packet_id":167,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AFBWM3ieAAwp1HmyAD7w8DIkDgD\/7xYMAAAoABIAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABBAgIUAAAABQAEAAUAAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":168,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409903671851}
00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":168,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieAATw8QE0DgD\/7xYMAAAOACgAAxX\/U01CEAEAAwCAAAAAAAAAAAAAAAAAAAAAyHUF"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":169,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409903671904}
00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":169,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieADXw8CQ0DgD\/7xYMAAASACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAABBAgAAAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":170,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_usec":1576409903672058}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":170,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AFBWM3ieAAwp1HmyAEvw8DQmDgD\/7xYMAAAoABMAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABhAgIUABYAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":171,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409903672135}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":171,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieAATw8QE2DgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":172,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":187,"global_ts_usec":1576409903672211}
00569{"packet_event_id":1,"packet_event_name":"packet","packet_id":172,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":201,"pkt_type":187,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":201,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieALvw8CY2DgD\/7xYMAAATACgAAxX\/U01CgQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABhAgEDAIQABYEAgz8\/Pz8\/Pz8\/Pz8\/FgAAAQAAAAAAECpjj08AAAAALgAgICAgICAAAAAAAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAAAAAABAqY49PAAAAAC4uACAgICAgAAAAAACDPz8\/Pz8\/Pz8\/Pz8WAgABAAAAAAAQyWSPTwAAAABURVNUACAgIAAAAAAA"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":173,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_usec":1576409903677279}
00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":173,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AFBWM3ieAAwp1HmyAFPw8DYoDgD\/7xYMAAAoABQAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAgIUAAAAGgAEAAUVAIM\/Pz8\/Pz8\/Pz8\/PxYCAAEAgwAAAQ=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":174,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409903677421}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":174,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieAATw8QE4AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":175,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409903677504}
00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":175,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieADXw8Cg4DgD\/7xYMAAAUACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAACBAgAAAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":176,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409903679586}
00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":176,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AFBWM3ieAAwp1HmyADXw8DgqDgD\/7xYMAAAoABUAFQP\/U01CgAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAgAAAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":177,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409903679667}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":177,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieAATw8QE6AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":178,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":63,"global_ts_usec":1576409903679733}
00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":178,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":77,"pkt_type":63,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":77,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieAD\/w8Co6DgD\/7xYMAAAVACgAAxX\/U01CgAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAChAgVq\/wABAAJ2+AAAAAA="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":179,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409903737930}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":179,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AFBWM3ieAAwp1HmyABLw8DosDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":180,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409903738050}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":180,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieAATw8QE8AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":184,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":60,"global_ts_usec":1576409905957339}
00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":184,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":60,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_usec":1576409905313002,"pkt":"AFBWM3ieAAwp1HmyADzw8DwsDgD\/7xYEAAAAABYAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAgAHAARcVEVTVAA="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":185,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409905958005}
00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":185,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409905313002,"pkt":"AAwp1HmyAFBWM3ieADXw8Cw+DgD\/7xYMAAAWACgAAxX\/U01CAQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADBAgAAAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":186,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409906045807}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":186,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409905313002,"pkt":"AFBWM3ieAAwp1HmyABLw8D4uDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":188,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409906373827}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":188,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409906065215,"pkt":"AAwp1HmyAFBWM3ieAATw8QFALAAAAIARrUHAqO+BwKjv\/wCKAIoAxYA7EQIAHMCo74EAigCvAAAgRU5F"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":194,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_usec":1576409908865229}
00391{"packet_event_id":1,"packet_event_name":"packet","packet_id":194,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AFBWM3ieAAwp1HmyAD7w8EAuDgD\/7xYEAAAAABcAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAADhAgEBAAcABEhlbGxvAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":195,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409908865369}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":195,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AAwp1HmyAFBWM3ieAATw8QFCAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":196,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_usec":1576409908865432}
00391{"packet_event_id":1,"packet_event_name":"packet","packet_id":196,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AAwp1HmyAFBWM3ieAD7w8C5CDgD\/7xYMAAAXACgAAxX\/U01CKwAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAADhAgEBAAcABEhlbGxvAA=="}
01054{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":197,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409908392441,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2610,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409908392441,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":197,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409908973799}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":197,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AFBWM3ieAAwp1HmyABLw8EIwDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":198,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409908973907}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":198,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AAwp1HmyAFBWM3ieAATw8QFELwAAAIARq7fAqO+BwKjvAgCJAIkATO+bACIpAAABAAAAAAABIEZIRVBG"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":199,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409909161807}
00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":199,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AAwp1HmyAFBWM3ieABLw8DBEDgD\/7x8AAAAAAAAAAxVLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":200,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409909358578}
00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":200,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AFBWM3ieAAwp1HmyAATw8QEyDgD\/7xYEAAAAABYAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":201,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409911828356}
00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":201,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AFBWM3ieAAwp1HmyADXw8EQyDgD\/7xYEAAAAABgAFQP\/U01CcQAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAAABAwAAAA=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":202,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409911828513}
00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":202,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AAwp1HmyAFBWM3ieADXw8DJGDgD\/7xYMAAAYACgAAxX\/U01CcQAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAAABAwAAAA=="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":203,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409911828650}
00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":203,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AFBWM3ieAAwp1HmyAATw8QE0DgD\/7xYEAAAAABcAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAy"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":204,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409911828841}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":204,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AFBWM3ieAAwp1HmyABLw8EY0DgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":205,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409911828940}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":205,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AFBWM3ieAAwp1HmyABLw8Eg1DgD\/7xgAAAAAAAAAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":206,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409911829009}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":206,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AAwp1HmyAFBWM3ieAATw8QFLMAAAAIARqrfAqO+BwKjvAgCJAIkATO+bACIpAAABAAAAAAABIEZIRVBG"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":207,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_usec":1576409911829099}
00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":207,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AFBWM3ieAAwp1HmyAAPw8FMyDgD\/7xYEAAAAABgAFQP\/U01CcQAAAAAAAAAAAAAAAAAAAAAAAAAAyAAy"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":208,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_usec":1576409911829163}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":208,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AAwp1HmyAFBWM3ieAAPw8XMwIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":172,"global_ts_usec":1576409912777830}
00537{"packet_event_id":1,"packet_event_name":"packet","packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":186,"pkt_type":172,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":186,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AwAAAAABAFBWM3ieAKzw8AMsAP\/vCAAAAAAAAAABAl9fTVNCUk9XU0VfXwIBTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAJwAAAAAAAAAAAAAAAAAAAAAAAAAnAFYAAwABAAEAAgA4AFxNQUlMU0xPVFxCUk9XU0UADADA1AEAV09SS0dST1VQAAAAAAAAAAQAACBAgAAAAABNREpSOTgA"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409925058018}
00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409925058018,"packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409925058018}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409925057831,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAdTUFSVElOIFJPU0VOQVUgAw=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409925661877}
00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409925661877,"packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409925661877}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409925057831,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAeTUFSVElOIFJPU0VOQVUgAw=="}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409926307736}
00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409926307736,"packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409926307736}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409925057831,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQAAAAAAAAAAAAAAAAAAAAAATUFSVElOIFJPU0VOQVUgAw=="}
02131{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543745,"flow_src_last_pkt_time":1576409931837438,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":43,"avg":4235280.5,"max":96434388,"stddev":17261798.0,"var":297969697947648.0,"ent":1.5,"data": [471,72,38984,710235,79,43,39467,709823,84,47,40333,710082,133,63,40024,760697,749893,749148,750102,96434388,763919,759984,756024,755162,752213,756593,760022,22000853,749883,749867,755005]},"pktlen": {"min":96,"avg":96.0,"max":96,"stddev":0.0,"var":0.0,"ent":5.0,"data": [96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96]},"bins": {"c_to_s": [0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": 
[4.156764984,4.210426807,4.197602749,4.176768780,4.197602749,4.231260300,4.177598476,4.176768780,4.177598476,4.193659782,4.197602749,4.176768780,4.197602749,4.231260300,4.177598476,4.155935764,4.289934158,4.323737621,4.323737621,4.323737621,4.282100201,4.282100201,4.282100201,4.248297215,4.376053333,4.376053333,4.376053333,4.355220318,4.281060219,4.286166668,4.277262688,4.307000160]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00880{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409798047534,"flow_src_last_pkt_time":1576409798047534,"flow_dst_last_pkt_time":1576409798047534,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00923{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543745,"flow_src_last_pkt_time":1576409931837438,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00920{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1576409797553896,"flow_src_last_pkt_time":1576409928060524,"flow_dst_last_pkt_time":1576409797553896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":952,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409923353834,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2817,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}}
00576{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","packets-captured":220,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":5953,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":350,"global_ts_usec":1576409931837438}
00576{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","packets-captured":220,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":5953,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":104,"global_ts_usec":1576409931837438}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 220/62
~~ skipped flows.............: 0
@@ -360,6 +114,6 @@
~~ total memory freed........: 6042771 bytes
~~ total allocations/frees...: 121580/121580
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 203 chars
~~ json string min len.......: 303 chars
~~ json string max len.......: 2136 chars
~~ json string avg len.......: 1167 chars
~~ json string avg len.......: 1210 chars


@@ -1,17 +1,17 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
DAEMON-EVENT: shutdown


@@ -1,7 +1,7 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol [1/16]
new: [.....1] [ip4][..tcp] [........2.2.2.2][..179] -> [........5.5.5.5][49433] [MIDSTREAM]
detected: [.....1] [ip4][..tcp] [........2.2.2.2][..179] -> [........5.5.5.5][49433] [BGP][Network][Acceptable]
idle: [.....1] [ip4][..tcp] [........2.2.2.2][..179] -> [........5.5.5.5][49433] [BGP][Network][Acceptable]


@@ -2,21 +2,21 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8009]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
detected: [.....1] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8009] [AJP][Web][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [5/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [6/16]
new: [.....2] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8010]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [7/16]
detected: [.....2] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8010] [AJP][Web][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [8/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [9/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [10/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [11/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [12/16]
idle: [.....1] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8009] [AJP][Web][Acceptable]
idle: [.....2] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8010] [AJP][Web][Acceptable]
DAEMON-EVENT: shutdown


@@ -1,8 +1,8 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
new: [.....1] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ffd3:fbc2]
detected: [.....1] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ffd3:fbc2] [ICMPV6][Network][Acceptable]
new: [.....2] [ip6][icmp6] [.....................................::] -> [...............................ff02::16]
@@ -136,7 +136,7 @@
detection-update: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
new: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53]
detected: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][fls-na.amazon.com]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
analyse: [....28] [ip4][..tcp] [..172.16.42.216][45661] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.016| 0.161| 0.286| 81844.249| 3.400]
@@ -226,7 +226,7 @@
new: [....56] [ip4][..tcp] [..172.16.42.216][42144] -> [..72.21.206.135][..443]
detected: [....56] [ip4][..tcp] [..172.16.42.216][42144] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com]
detection-update: [....56] [ip4][..tcp] [..172.16.42.216][42144] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [2/16]
new: [....57] [ip4][..tcp] [..172.16.42.216][45687] -> [..52.94.232.134][..443]
detected: [....57] [ip4][..tcp] [..172.16.42.216][45687] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com]
detection-update: [....57] [ip4][..tcp] [..172.16.42.216][45687] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com]
@@ -436,7 +436,7 @@
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443] [TLS.Amazon][Web][Acceptable][dp-gw-na-js.amazon.com]
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
update: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable]
update: [....14] [ip4][.icmp] [....172.16.42.1] -> [..172.16.42.216] [ICMP][Network][Acceptable]
update: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable]


@@ -1,106 +1,101 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [5/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [6/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [7/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [8/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [9/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [10/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [11/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [12/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [13/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [14/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [15/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [16/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [5/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [6/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [7/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [5/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [6/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [7/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [8/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [9/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [10/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [11/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [12/16]
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [5/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [6/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [7/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [5/16]
DAEMON-EVENT: shutdown
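Review bot: One error counter seems to cover every error type, so a burst of one type can hide another: after `[16/16]` the expected output is five events shorter (the hunk header goes from 106 to 101 lines), and one of the missing events is a `Captured packet size is smaller than expected packet size` line that the old output had among `nDPI IPv4/L4 payload detection failed` lines. Nothing in the output marks that events were dropped or how many, so a consumer cannot tell a quiet sensor from a throttled one. Consider emitting one summary event with the dropped count when the window resets, or at least documenting that `threshold_n == threshold_n_max` means later errors in that window are discarded. The threshold logic in nDPId.c is outside this view, so this is inferred from the expected output alone.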


@@ -5,12 +5,12 @@
detected: [.....1] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12379] [CAPWAP][Network][Acceptable]
new: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53]
detected: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53] [DNS][Network][Acceptable][cisco-capwap-controller]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: Unknown packet type [3/16]
ERROR-EVENT: Unknown packet type [4/16]
ERROR-EVENT: Unknown packet type [5/16]
ERROR-EVENT: Unknown packet type [6/16]
new: [.....3] [ip4][..udp] [..192.168.10.10][12380] -> [255.255.255.255][.5246]
detected: [.....3] [ip4][..udp] [..192.168.10.10][12380] -> [255.255.255.255][.5246] [CAPWAP][Network][Acceptable]
new: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380]
@@ -29,7 +29,7 @@
new: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247]
detected: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] [CAPWAP][Network][Acceptable]
update: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
analyse: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] [CAPWAP][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.500| 4.000| 1.016| 0.875| 765810.835| 4.600]
@@ -45,13 +45,13 @@
update: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] [CAPWAP][Network][Acceptable]
update: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] [CAPWAP][Network][Acceptable]
update: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
update: [.....3] [ip4][..udp] [..192.168.10.10][12380] -> [255.255.255.255][.5246] [CAPWAP][Network][Acceptable]
update: [.....1] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12379] [CAPWAP][Network][Acceptable]
update: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] [CAPWAP][Network][Acceptable]
update: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] [CAPWAP][Network][Acceptable]
update: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
idle: [.....1] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12379] [CAPWAP][Network][Acceptable]
idle: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53]
update: [.....3] [ip4][..udp] [..192.168.10.10][12380] -> [255.255.255.255][.5246] [CAPWAP][Network][Acceptable]


@@ -1,3 +1,3 @@
DAEMON-EVENT: init
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol [1/16]
DAEMON-EVENT: shutdown


@@ -4,26 +4,26 @@
new: [.....1] [ip4][..udp] [..172.217.40.76][56680] -> [.193.24.227.238][...53]
detected: [.....1] [ip4][..udp] [..172.217.40.76][56680] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable][weberlab.de]
detection-update: [.....1] [ip4][..udp] [..172.217.40.76][56680] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable][weberlab.de]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53]
detected: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][pa.weberlab.de]
detection-update: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][pa.weberlab.de]
ERROR-EVENT: nDPI IPv6/L4 payload detection failed
ERROR-EVENT: nDPI IPv6/L4 payload detection failed [2/16]
new: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53]
detected: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2.weberlab.de]
detection-update: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2.weberlab.de]
ERROR-EVENT: nDPI IPv6/L4 payload detection failed
ERROR-EVENT: nDPI IPv6/L4 payload detection failed [3/16]
new: [.....4] [ip4][..udp] [173.194.169.104][59464] -> [.193.24.227.238][...53]
detected: [.....4] [ip4][..udp] [173.194.169.104][59464] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable][fg2.weberlab.de]
detection-update: [.....4] [ip4][..udp] [173.194.169.104][59464] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable][fg2.weberlab.de]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16]
new: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53]
detected: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2.weberlab.de]
detection-update: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2.weberlab.de]
new: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53]
detected: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable][weberlab.de]
detection-update: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable][weberlab.de]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [5/16]
new: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53]
detected: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2.weberlab.de]
detection-update: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2.weberlab.de]
@@ -69,11 +69,11 @@
new: [....16] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][55729] -> [..................2001:470:765b::a25:53][...53]
detected: [....16] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][55729] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][weberlab.de]
detection-update: [....16] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][55729] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][weberlab.de]
ERROR-EVENT: nDPI IPv6/L4 payload detection failed
ERROR-EVENT: nDPI IPv6/L4 payload detection failed [1/16]
new: [....17] [ip4][..udp] [....194.247.5.6][51791] -> [.193.24.227.238][...53]
detected: [....17] [ip4][..udp] [....194.247.5.6][51791] -> [.193.24.227.238][...53] [DNS][Network][Acceptable][weberlab.de]
detection-update: [....17] [ip4][..udp] [....194.247.5.6][51791] -> [.193.24.227.238][...53] [DNS][Network][Acceptable][weberlab.de]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
new: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53]
detected: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable][ns2.weberdns.de]
detection-update: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable][ns2.weberdns.de]


@@ -5,15 +5,15 @@
detected: [.....1] [ip4][..udp] [.......10.0.0.1][38388] -> [..149.56.228.45][..443] [DNScrypt][Network][Safe]
new: [.....2] [ip4][..udp] [.......10.0.0.1][45722] -> [..149.56.228.45][..443]
detected: [.....2] [ip4][..udp] [.......10.0.0.1][45722] -> [..149.56.228.45][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [.....3] [ip4][..udp] [.......10.0.0.1][35495] -> [..149.56.228.45][..443]
detected: [.....3] [ip4][..udp] [.......10.0.0.1][35495] -> [..149.56.228.45][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
new: [.....4] [ip4][..udp] [.......10.0.0.1][33565] -> [..149.56.228.45][..443]
detected: [.....4] [ip4][..udp] [.......10.0.0.1][33565] -> [..149.56.228.45][..443] [DNScrypt][Network][Safe]
new: [.....5] [ip4][..udp] [.......10.0.0.1][35228] -> [..149.56.228.45][..443]
detected: [.....5] [ip4][..udp] [.......10.0.0.1][35228] -> [..149.56.228.45][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
new: [.....6] [ip4][..udp] [.......10.0.0.1][60301] -> [..149.56.228.45][..443]
detected: [.....6] [ip4][..udp] [.......10.0.0.1][60301] -> [..149.56.228.45][..443] [DNScrypt][Network][Safe]
DAEMON-EVENT: [Processed: 12 pkts][ZLib][compressions: 0|diff: 0 / 0]
@@ -26,33 +26,33 @@
detected: [.....9] [ip4][..udp] [.......10.0.0.1][49518] -> [..62.210.180.71][.1053] [DNScrypt][Network][Safe]
new: [....10] [ip4][..udp] [.......10.0.0.1][43748] -> [..62.210.180.71][.1053]
detected: [....10] [ip4][..udp] [.......10.0.0.1][43748] -> [..62.210.180.71][.1053] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [....11] [ip4][..udp] [.......10.0.0.1][57395] -> [..62.210.180.71][.1053]
detected: [....11] [ip4][..udp] [.......10.0.0.1][57395] -> [..62.210.180.71][.1053] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
new: [....12] [ip4][..udp] [.......10.0.0.1][53299] -> [..62.210.180.71][.1053]
detected: [....12] [ip4][..udp] [.......10.0.0.1][53299] -> [..62.210.180.71][.1053] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
new: [....13] [ip4][..udp] [.......10.0.0.1][53697] -> [.185.134.196.55][.8443]
detected: [....13] [ip4][..udp] [.......10.0.0.1][53697] -> [.185.134.196.55][.8443] [DNScrypt][Network][Safe]
new: [....14] [ip4][..udp] [.......10.0.0.1][37413] -> [.185.134.196.55][.8443]
detected: [....14] [ip4][..udp] [.......10.0.0.1][37413] -> [.185.134.196.55][.8443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16]
new: [....15] [ip4][..udp] [.......10.0.0.1][35005] -> [.185.134.196.55][.8443]
detected: [....15] [ip4][..udp] [.......10.0.0.1][35005] -> [.185.134.196.55][.8443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [5/16]
new: [....16] [ip4][..udp] [.......10.0.0.1][59405] -> [.185.134.196.55][.8443]
detected: [....16] [ip4][..udp] [.......10.0.0.1][59405] -> [.185.134.196.55][.8443] [DNScrypt][Network][Safe]
new: [....17] [ip4][..udp] [.......10.0.0.1][50435] -> [.185.134.196.55][.8443]
detected: [....17] [ip4][..udp] [.......10.0.0.1][50435] -> [.185.134.196.55][.8443] [DNScrypt][Network][Safe]
new: [....18] [ip4][..udp] [.......10.0.0.1][55123] -> [.185.134.196.55][.8443]
detected: [....18] [ip4][..udp] [.......10.0.0.1][55123] -> [.185.134.196.55][.8443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [6/16]
new: [....19] [ip4][..udp] [.......10.0.0.1][44712] -> [104.238.186.192][..443]
detected: [....19] [ip4][..udp] [.......10.0.0.1][44712] -> [104.238.186.192][..443] [DNScrypt][Network][Safe]
new: [....20] [ip4][..udp] [.......10.0.0.1][56997] -> [104.238.186.192][..443]
detected: [....20] [ip4][..udp] [.......10.0.0.1][56997] -> [104.238.186.192][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [7/16]
new: [....21] [ip4][..udp] [.......10.0.0.1][39655] -> [104.238.186.192][..443]
detected: [....21] [ip4][..udp] [.......10.0.0.1][39655] -> [104.238.186.192][..443] [DNScrypt][Network][Safe]
new: [....22] [ip4][..udp] [.......10.0.0.1][59261] -> [104.238.186.192][..443]
@@ -61,34 +61,34 @@
detected: [....23] [ip4][..udp] [.......10.0.0.1][59641] -> [104.238.186.192][..443] [DNScrypt][Network][Safe]
new: [....24] [ip4][..udp] [.......10.0.0.1][44491] -> [104.238.186.192][..443]
detected: [....24] [ip4][..udp] [.......10.0.0.1][44491] -> [104.238.186.192][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [8/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [9/16]
new: [....25] [ip4][..udp] [.......10.0.0.1][32793] -> [.209.250.241.25][..443]
detected: [....25] [ip4][..udp] [.......10.0.0.1][32793] -> [.209.250.241.25][..443] [DNScrypt][Network][Safe]
new: [....26] [ip4][..udp] [.......10.0.0.1][56035] -> [.209.250.241.25][..443]
detected: [....26] [ip4][..udp] [.......10.0.0.1][56035] -> [.209.250.241.25][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [10/16]
new: [....27] [ip4][..udp] [.......10.0.0.1][37123] -> [.209.250.241.25][..443]
detected: [....27] [ip4][..udp] [.......10.0.0.1][37123] -> [.209.250.241.25][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [11/16]
new: [....28] [ip4][..udp] [.......10.0.0.1][37950] -> [.209.250.241.25][..443]
detected: [....28] [ip4][..udp] [.......10.0.0.1][37950] -> [.209.250.241.25][..443] [DNScrypt][Network][Safe]
new: [....29] [ip4][..udp] [.......10.0.0.1][34324] -> [.209.250.241.25][..443]
detected: [....29] [ip4][..udp] [.......10.0.0.1][34324] -> [.209.250.241.25][..443] [DNScrypt][Network][Safe]
new: [....30] [ip4][..udp] [.......10.0.0.1][59367] -> [.209.250.241.25][..443]
detected: [....30] [ip4][..udp] [.......10.0.0.1][59367] -> [.209.250.241.25][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [12/16]
new: [....31] [ip4][..udp] [.......10.0.0.1][43609] -> [....41.79.69.13][..443]
detected: [....31] [ip4][..udp] [.......10.0.0.1][43609] -> [....41.79.69.13][..443] [DNScrypt][Network][Safe]
new: [....32] [ip4][..udp] [.......10.0.0.1][46229] -> [....41.79.69.13][..443]
detected: [....32] [ip4][..udp] [.......10.0.0.1][46229] -> [....41.79.69.13][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [13/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [14/16]
new: [....33] [ip4][..udp] [.......10.0.0.1][56043] -> [....41.79.69.13][..443]
detected: [....33] [ip4][..udp] [.......10.0.0.1][56043] -> [....41.79.69.13][..443] [DNScrypt][Network][Safe]
new: [....34] [ip4][..udp] [.......10.0.0.1][38136] -> [....41.79.69.13][..443]
detected: [....34] [ip4][..udp] [.......10.0.0.1][38136] -> [....41.79.69.13][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [15/16]
new: [....35] [ip4][..udp] [.......10.0.0.1][56177] -> [....41.79.69.13][..443]
detected: [....35] [ip4][..udp] [.......10.0.0.1][56177] -> [....41.79.69.13][..443] [DNScrypt][Network][Safe]
new: [....36] [ip4][..udp] [.......10.0.0.1][43365] -> [....41.79.69.13][..443]
@@ -97,15 +97,13 @@
detected: [....37] [ip4][..udp] [.......10.0.0.1][45767] -> [..51.15.122.250][..443] [DNScrypt][Network][Safe]
new: [....38] [ip4][..udp] [.......10.0.0.1][38867] -> [..51.15.122.250][..443]
detected: [....38] [ip4][..udp] [.......10.0.0.1][38867] -> [..51.15.122.250][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [16/16]
new: [....39] [ip4][..udp] [.......10.0.0.1][59709] -> [..51.15.122.250][..443]
detected: [....39] [ip4][..udp] [.......10.0.0.1][59709] -> [..51.15.122.250][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....40] [ip4][..udp] [.......10.0.0.1][36668] -> [..51.15.122.250][..443]
detected: [....40] [ip4][..udp] [.......10.0.0.1][36668] -> [..51.15.122.250][..443] [DNScrypt][Network][Safe]
new: [....41] [ip4][..udp] [.......10.0.0.1][39007] -> [..51.15.122.250][..443]
detected: [....41] [ip4][..udp] [.......10.0.0.1][39007] -> [..51.15.122.250][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....42] [ip4][..udp] [.......10.0.0.1][38362] -> [..51.15.122.250][..443]
detected: [....42] [ip4][..udp] [.......10.0.0.1][38362] -> [..51.15.122.250][..443] [DNScrypt][Network][Safe]
new: [....43] [ip4][..udp] [.......10.0.0.1][59476] -> [.139.59.200.116][..443]
@@ -116,76 +114,58 @@
detected: [....45] [ip4][..udp] [.......10.0.0.1][50335] -> [.139.59.200.116][..443] [DNScrypt][Network][Safe]
new: [....46] [ip4][..udp] [.......10.0.0.1][43633] -> [.139.59.200.116][..443]
detected: [....46] [ip4][..udp] [.......10.0.0.1][43633] -> [.139.59.200.116][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....47] [ip4][..udp] [.......10.0.0.1][37595] -> [.139.59.200.116][..443]
detected: [....47] [ip4][..udp] [.......10.0.0.1][37595] -> [.139.59.200.116][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....48] [ip4][..udp] [.......10.0.0.1][59194] -> [.139.59.200.116][..443]
detected: [....48] [ip4][..udp] [.......10.0.0.1][59194] -> [.139.59.200.116][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....49] [ip4][..udp] [.......10.0.0.1][47865] -> [...195.30.94.28][.8443]
detected: [....49] [ip4][..udp] [.......10.0.0.1][47865] -> [...195.30.94.28][.8443] [DNScrypt][Network][Safe]
new: [....50] [ip4][..udp] [.......10.0.0.1][33369] -> [...195.30.94.28][.8443]
detected: [....50] [ip4][..udp] [.......10.0.0.1][33369] -> [...195.30.94.28][.8443] [DNScrypt][Network][Safe]
new: [....51] [ip4][..udp] [.......10.0.0.1][34885] -> [...195.30.94.28][.8443]
detected: [....51] [ip4][..udp] [.......10.0.0.1][34885] -> [...195.30.94.28][.8443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....52] [ip4][..udp] [.......10.0.0.1][44093] -> [...195.30.94.28][.8443]
detected: [....52] [ip4][..udp] [.......10.0.0.1][44093] -> [...195.30.94.28][.8443] [DNScrypt][Network][Safe]
new: [....53] [ip4][..udp] [.......10.0.0.1][53811] -> [...195.30.94.28][.8443]
detected: [....53] [ip4][..udp] [.......10.0.0.1][53811] -> [...195.30.94.28][.8443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....54] [ip4][..udp] [.......10.0.0.1][44282] -> [...195.30.94.28][.8443]
detected: [....54] [ip4][..udp] [.......10.0.0.1][44282] -> [...195.30.94.28][.8443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....55] [ip4][..udp] [.......10.0.0.1][32970] -> [..142.4.204.111][..443]
detected: [....55] [ip4][..udp] [.......10.0.0.1][32970] -> [..142.4.204.111][..443] [DNScrypt][Network][Safe]
new: [....56] [ip4][..udp] [.......10.0.0.1][60962] -> [..142.4.204.111][..443]
detected: [....56] [ip4][..udp] [.......10.0.0.1][60962] -> [..142.4.204.111][..443] [DNScrypt][Network][Safe]
new: [....57] [ip4][..udp] [.......10.0.0.1][33071] -> [..142.4.204.111][..443]
detected: [....57] [ip4][..udp] [.......10.0.0.1][33071] -> [..142.4.204.111][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....58] [ip4][..udp] [.......10.0.0.1][43505] -> [..142.4.204.111][..443]
detected: [....58] [ip4][..udp] [.......10.0.0.1][43505] -> [..142.4.204.111][..443] [DNScrypt][Network][Safe]
new: [....59] [ip4][..udp] [.......10.0.0.1][52284] -> [..142.4.204.111][..443]
detected: [....59] [ip4][..udp] [.......10.0.0.1][52284] -> [..142.4.204.111][..443] [DNScrypt][Network][Safe]
new: [....60] [ip4][..udp] [.......10.0.0.1][46856] -> [..142.4.204.111][..443]
detected: [....60] [ip4][..udp] [.......10.0.0.1][46856] -> [..142.4.204.111][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....61] [ip4][..udp] [.......10.0.0.1][50035] -> [.149.112.112.10][.8443]
detected: [....61] [ip4][..udp] [.......10.0.0.1][50035] -> [.149.112.112.10][.8443] [DNScrypt][Network][Safe]
new: [....62] [ip4][..udp] [.......10.0.0.1][40009] -> [.149.112.112.10][.8443]
detected: [....62] [ip4][..udp] [.......10.0.0.1][40009] -> [.149.112.112.10][.8443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....63] [ip4][..udp] [.......10.0.0.1][56022] -> [.149.112.112.10][.8443]
detected: [....63] [ip4][..udp] [.......10.0.0.1][56022] -> [.149.112.112.10][.8443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....64] [ip4][..udp] [.......10.0.0.1][42570] -> [.149.112.112.10][.8443]
detected: [....64] [ip4][..udp] [.......10.0.0.1][42570] -> [.149.112.112.10][.8443] [DNScrypt][Network][Safe]
new: [....65] [ip4][..udp] [.......10.0.0.1][57465] -> [.149.112.112.10][.8443]
detected: [....65] [ip4][..udp] [.......10.0.0.1][57465] -> [.149.112.112.10][.8443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....66] [ip4][..udp] [.......10.0.0.1][55482] -> [.149.112.112.10][.8443]
detected: [....66] [ip4][..udp] [.......10.0.0.1][55482] -> [.149.112.112.10][.8443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....67] [ip4][..udp] [.......10.0.0.1][49512] -> [..172.104.93.80][.1443]
detected: [....67] [ip4][..udp] [.......10.0.0.1][49512] -> [..172.104.93.80][.1443] [DNScrypt][Network][Safe]
new: [....68] [ip4][..udp] [.......10.0.0.1][50913] -> [..172.104.93.80][.1443]
detected: [....68] [ip4][..udp] [.......10.0.0.1][50913] -> [..172.104.93.80][.1443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....69] [ip4][..udp] [.......10.0.0.1][41800] -> [..172.104.93.80][.1443]
detected: [....69] [ip4][..udp] [.......10.0.0.1][41800] -> [..172.104.93.80][.1443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....70] [ip4][..udp] [.......10.0.0.1][38283] -> [..172.104.93.80][.1443]
detected: [....70] [ip4][..udp] [.......10.0.0.1][38283] -> [..172.104.93.80][.1443] [DNScrypt][Network][Safe]
new: [....71] [ip4][..udp] [.......10.0.0.1][59489] -> [..172.104.93.80][.1443]
detected: [....71] [ip4][..udp] [.......10.0.0.1][59489] -> [..172.104.93.80][.1443] [DNScrypt][Network][Safe]
new: [....72] [ip4][..udp] [.......10.0.0.1][56902] -> [..172.104.93.80][.1443]
detected: [....72] [ip4][..udp] [.......10.0.0.1][56902] -> [..172.104.93.80][.1443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
update: [.....1] [ip4][..udp] [.......10.0.0.1][38388] -> [..149.56.228.45][..443] [DNScrypt][Network][Safe]
update: [.....5] [ip4][..udp] [.......10.0.0.1][35228] -> [..149.56.228.45][..443] [DNScrypt][Network][Safe]
update: [.....2] [ip4][..udp] [.......10.0.0.1][45722] -> [..149.56.228.45][..443] [DNScrypt][Network][Safe]
@@ -202,37 +182,28 @@
detected: [....76] [ip4][..udp] [.......10.0.0.1][51770] -> [205.185.116.116][..553] [DNScrypt][Network][Safe]
new: [....77] [ip4][..udp] [.......10.0.0.1][38278] -> [205.185.116.116][..553]
detected: [....77] [ip4][..udp] [.......10.0.0.1][38278] -> [205.185.116.116][..553] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....78] [ip4][..udp] [.......10.0.0.1][55822] -> [205.185.116.116][..553]
detected: [....78] [ip4][..udp] [.......10.0.0.1][55822] -> [205.185.116.116][..553] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....79] [ip4][..udp] [.......10.0.0.1][55834] -> [..52.65.235.129][..443]
detected: [....79] [ip4][..udp] [.......10.0.0.1][55834] -> [..52.65.235.129][..443] [DNScrypt][Network][Safe]
new: [....80] [ip4][..udp] [.......10.0.0.1][46313] -> [..52.65.235.129][..443]
detected: [....80] [ip4][..udp] [.......10.0.0.1][46313] -> [..52.65.235.129][..443] [DNScrypt][Network][Safe]
new: [....81] [ip4][..udp] [.......10.0.0.1][52911] -> [..52.65.235.129][..443]
detected: [....81] [ip4][..udp] [.......10.0.0.1][52911] -> [..52.65.235.129][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....82] [ip4][..udp] [.......10.0.0.1][47685] -> [..52.65.235.129][..443]
detected: [....82] [ip4][..udp] [.......10.0.0.1][47685] -> [..52.65.235.129][..443] [DNScrypt][Network][Safe]
new: [....83] [ip4][..udp] [.......10.0.0.1][55979] -> [..52.65.235.129][..443]
detected: [....83] [ip4][..udp] [.......10.0.0.1][55979] -> [..52.65.235.129][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....84] [ip4][..udp] [.......10.0.0.1][55409] -> [..52.65.235.129][..443]
detected: [....84] [ip4][..udp] [.......10.0.0.1][55409] -> [..52.65.235.129][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....85] [ip4][..udp] [.......10.0.0.1][38812] -> [....51.15.62.65][..443]
detected: [....85] [ip4][..udp] [.......10.0.0.1][38812] -> [....51.15.62.65][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....86] [ip4][..udp] [.......10.0.0.1][45993] -> [....51.15.62.65][..443]
detected: [....86] [ip4][..udp] [.......10.0.0.1][45993] -> [....51.15.62.65][..443] [DNScrypt][Network][Safe]
new: [....87] [ip4][..udp] [.......10.0.0.1][56688] -> [....51.15.62.65][..443]
detected: [....87] [ip4][..udp] [.......10.0.0.1][56688] -> [....51.15.62.65][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....88] [ip4][..udp] [.......10.0.0.1][33521] -> [....51.15.62.65][..443]
detected: [....88] [ip4][..udp] [.......10.0.0.1][33521] -> [....51.15.62.65][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....89] [ip4][..udp] [.......10.0.0.1][43714] -> [....51.15.62.65][..443]
detected: [....89] [ip4][..udp] [.......10.0.0.1][43714] -> [....51.15.62.65][..443] [DNScrypt][Network][Safe]
new: [....90] [ip4][..udp] [.......10.0.0.1][60735] -> [....51.15.62.65][..443]
@@ -241,97 +212,78 @@
detected: [....91] [ip4][..udp] [.......10.0.0.1][41913] -> [..45.153.187.96][.4343] [DNScrypt][Network][Safe]
new: [....92] [ip4][..udp] [.......10.0.0.1][37890] -> [..45.153.187.96][.4343]
detected: [....92] [ip4][..udp] [.......10.0.0.1][37890] -> [..45.153.187.96][.4343] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....93] [ip4][..udp] [.......10.0.0.1][45987] -> [..45.153.187.96][.4343]
detected: [....93] [ip4][..udp] [.......10.0.0.1][45987] -> [..45.153.187.96][.4343] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....94] [ip4][..udp] [.......10.0.0.1][46063] -> [..45.153.187.96][.4343]
detected: [....94] [ip4][..udp] [.......10.0.0.1][46063] -> [..45.153.187.96][.4343] [DNScrypt][Network][Safe]
new: [....95] [ip4][..udp] [.......10.0.0.1][43129] -> [..45.153.187.96][.4343]
detected: [....95] [ip4][..udp] [.......10.0.0.1][43129] -> [..45.153.187.96][.4343] [DNScrypt][Network][Safe]
new: [....96] [ip4][..udp] [.......10.0.0.1][40451] -> [..45.153.187.96][.4343]
detected: [....96] [ip4][..udp] [.......10.0.0.1][40451] -> [..45.153.187.96][.4343] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....97] [ip4][..udp] [.......10.0.0.1][55896] -> [...66.85.30.115][..443]
detected: [....97] [ip4][..udp] [.......10.0.0.1][55896] -> [...66.85.30.115][..443] [DNScrypt][Network][Safe]
new: [....98] [ip4][..udp] [.......10.0.0.1][48448] -> [...66.85.30.115][..443]
detected: [....98] [ip4][..udp] [.......10.0.0.1][48448] -> [...66.85.30.115][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [....99] [ip4][..udp] [.......10.0.0.1][40099] -> [...66.85.30.115][..443]
detected: [....99] [ip4][..udp] [.......10.0.0.1][40099] -> [...66.85.30.115][..443] [DNScrypt][Network][Safe]
new: [...100] [ip4][..udp] [.......10.0.0.1][47432] -> [...66.85.30.115][..443]
detected: [...100] [ip4][..udp] [.......10.0.0.1][47432] -> [...66.85.30.115][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...101] [ip4][..udp] [.......10.0.0.1][54112] -> [...66.85.30.115][..443]
detected: [...101] [ip4][..udp] [.......10.0.0.1][54112] -> [...66.85.30.115][..443] [DNScrypt][Network][Safe]
new: [...102] [ip4][..udp] [.......10.0.0.1][35634] -> [...66.85.30.115][..443]
detected: [...102] [ip4][..udp] [.......10.0.0.1][35634] -> [...66.85.30.115][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...103] [ip4][..udp] [.......10.0.0.1][46255] -> [..93.95.226.165][..443]
detected: [...103] [ip4][..udp] [.......10.0.0.1][46255] -> [..93.95.226.165][..443] [DNScrypt][Network][Safe]
new: [...104] [ip4][..udp] [.......10.0.0.1][49186] -> [..93.95.226.165][..443]
detected: [...104] [ip4][..udp] [.......10.0.0.1][49186] -> [..93.95.226.165][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...105] [ip4][..udp] [.......10.0.0.1][58113] -> [..93.95.226.165][..443]
detected: [...105] [ip4][..udp] [.......10.0.0.1][58113] -> [..93.95.226.165][..443] [DNScrypt][Network][Safe]
new: [...106] [ip4][..udp] [.......10.0.0.1][42156] -> [..93.95.226.165][..443]
detected: [...106] [ip4][..udp] [.......10.0.0.1][42156] -> [..93.95.226.165][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...107] [ip4][..udp] [.......10.0.0.1][58936] -> [..93.95.226.165][..443]
detected: [...107] [ip4][..udp] [.......10.0.0.1][58936] -> [..93.95.226.165][..443] [DNScrypt][Network][Safe]
new: [...108] [ip4][..udp] [.......10.0.0.1][40595] -> [..93.95.226.165][..443]
detected: [...108] [ip4][..udp] [.......10.0.0.1][40595] -> [..93.95.226.165][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...109] [ip4][..udp] [.......10.0.0.1][37035] -> [..51.158.166.97][..443]
detected: [...109] [ip4][..udp] [.......10.0.0.1][37035] -> [..51.158.166.97][..443] [DNScrypt][Network][Safe]
new: [...110] [ip4][..udp] [.......10.0.0.1][47257] -> [..51.158.166.97][..443]
detected: [...110] [ip4][..udp] [.......10.0.0.1][47257] -> [..51.158.166.97][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...111] [ip4][..udp] [.......10.0.0.1][46066] -> [..51.158.166.97][..443]
detected: [...111] [ip4][..udp] [.......10.0.0.1][46066] -> [..51.158.166.97][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...112] [ip4][..udp] [.......10.0.0.1][56494] -> [..51.158.166.97][..443]
detected: [...112] [ip4][..udp] [.......10.0.0.1][56494] -> [..51.158.166.97][..443] [DNScrypt][Network][Safe]
new: [...113] [ip4][..udp] [.......10.0.0.1][60334] -> [..51.158.166.97][..443]
detected: [...113] [ip4][..udp] [.......10.0.0.1][60334] -> [..51.158.166.97][..443] [DNScrypt][Network][Safe]
new: [...114] [ip4][..udp] [.......10.0.0.1][48065] -> [..51.158.166.97][..443]
detected: [...114] [ip4][..udp] [.......10.0.0.1][48065] -> [..51.158.166.97][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...115] [ip4][..udp] [.......10.0.0.1][41717] -> [.176.56.237.171][..443]
detected: [...115] [ip4][..udp] [.......10.0.0.1][41717] -> [.176.56.237.171][..443] [DNScrypt][Network][Safe]
new: [...116] [ip4][..udp] [.......10.0.0.1][55046] -> [.176.56.237.171][..443]
detected: [...116] [ip4][..udp] [.......10.0.0.1][55046] -> [.176.56.237.171][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...117] [ip4][..udp] [.......10.0.0.1][51363] -> [.176.56.237.171][..443]
detected: [...117] [ip4][..udp] [.......10.0.0.1][51363] -> [.176.56.237.171][..443] [DNScrypt][Network][Safe]
new: [...118] [ip4][..udp] [.......10.0.0.1][36676] -> [.176.56.237.171][..443]
detected: [...118] [ip4][..udp] [.......10.0.0.1][36676] -> [.176.56.237.171][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...119] [ip4][..udp] [.......10.0.0.1][49008] -> [.176.56.237.171][..443]
detected: [...119] [ip4][..udp] [.......10.0.0.1][49008] -> [.176.56.237.171][..443] [DNScrypt][Network][Safe]
new: [...120] [ip4][..udp] [.......10.0.0.1][48325] -> [.176.56.237.171][..443]
detected: [...120] [ip4][..udp] [.......10.0.0.1][48325] -> [.176.56.237.171][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...121] [ip4][..udp] [.......10.0.0.1][60091] -> [178.216.201.222][.2053]
detected: [...121] [ip4][..udp] [.......10.0.0.1][60091] -> [178.216.201.222][.2053] [DNScrypt][Network][Safe]
new: [...122] [ip4][..udp] [.......10.0.0.1][52356] -> [178.216.201.222][.2053]
detected: [...122] [ip4][..udp] [.......10.0.0.1][52356] -> [178.216.201.222][.2053] [DNScrypt][Network][Safe]
new: [...123] [ip4][..udp] [.......10.0.0.1][53117] -> [178.216.201.222][.2053]
detected: [...123] [ip4][..udp] [.......10.0.0.1][53117] -> [178.216.201.222][.2053] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...124] [ip4][..udp] [.......10.0.0.1][52221] -> [178.216.201.222][.2053]
detected: [...124] [ip4][..udp] [.......10.0.0.1][52221] -> [178.216.201.222][.2053] [DNScrypt][Network][Safe]
new: [...125] [ip4][..udp] [.......10.0.0.1][38594] -> [178.216.201.222][.2053]
detected: [...125] [ip4][..udp] [.......10.0.0.1][38594] -> [178.216.201.222][.2053] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...126] [ip4][..udp] [.......10.0.0.1][58740] -> [178.216.201.222][.2053]
detected: [...126] [ip4][..udp] [.......10.0.0.1][58740] -> [178.216.201.222][.2053] [DNScrypt][Network][Safe]
new: [...127] [ip4][..udp] [.......10.0.0.1][43224] -> [...45.76.113.31][..443]
detected: [...127] [ip4][..udp] [.......10.0.0.1][43224] -> [...45.76.113.31][..443] [DNScrypt][Network][Safe]
new: [...128] [ip4][..udp] [.......10.0.0.1][55267] -> [...45.76.113.31][..443]
detected: [...128] [ip4][..udp] [.......10.0.0.1][55267] -> [...45.76.113.31][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...129] [ip4][..udp] [.......10.0.0.1][51589] -> [...45.76.113.31][..443]
detected: [...129] [ip4][..udp] [.......10.0.0.1][51589] -> [...45.76.113.31][..443] [DNScrypt][Network][Safe]
new: [...130] [ip4][..udp] [.......10.0.0.1][43776] -> [...45.76.113.31][..443]
@@ -340,21 +292,16 @@
detected: [...131] [ip4][..udp] [.......10.0.0.1][59707] -> [...45.76.113.31][..443] [DNScrypt][Network][Safe]
new: [...132] [ip4][..udp] [.......10.0.0.1][52069] -> [...45.76.113.31][..443]
detected: [...132] [ip4][..udp] [.......10.0.0.1][52069] -> [...45.76.113.31][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...133] [ip4][..udp] [.......10.0.0.1][53876] -> [..151.80.222.79][..443]
detected: [...133] [ip4][..udp] [.......10.0.0.1][53876] -> [..151.80.222.79][..443] [DNScrypt][Network][Safe]
new: [...134] [ip4][..udp] [.......10.0.0.1][45497] -> [..151.80.222.79][..443]
detected: [...134] [ip4][..udp] [.......10.0.0.1][45497] -> [..151.80.222.79][..443] [DNScrypt][Network][Safe]
new: [...135] [ip4][..udp] [.......10.0.0.1][47729] -> [..151.80.222.79][..443]
detected: [...135] [ip4][..udp] [.......10.0.0.1][47729] -> [..151.80.222.79][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...136] [ip4][..udp] [.......10.0.0.1][52040] -> [..151.80.222.79][..443]
detected: [...136] [ip4][..udp] [.......10.0.0.1][52040] -> [..151.80.222.79][..443] [DNScrypt][Network][Safe]
new: [...137] [ip4][..udp] [.......10.0.0.1][57636] -> [..151.80.222.79][..443]
detected: [...137] [ip4][..udp] [.......10.0.0.1][57636] -> [..151.80.222.79][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...138] [ip4][..udp] [.......10.0.0.1][38511] -> [..151.80.222.79][..443]
detected: [...138] [ip4][..udp] [.......10.0.0.1][38511] -> [..151.80.222.79][..443] [DNScrypt][Network][Safe]
new: [...139] [ip4][..udp] [.......10.0.0.1][59011] -> [...142.4.205.47][..443]
@@ -363,13 +310,10 @@
detected: [...140] [ip4][..udp] [.......10.0.0.1][50387] -> [...142.4.205.47][..443] [DNScrypt][Network][Safe]
new: [...141] [ip4][..udp] [.......10.0.0.1][40138] -> [...142.4.205.47][..443]
detected: [...141] [ip4][..udp] [.......10.0.0.1][40138] -> [...142.4.205.47][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...142] [ip4][..udp] [.......10.0.0.1][51935] -> [...142.4.205.47][..443]
detected: [...142] [ip4][..udp] [.......10.0.0.1][51935] -> [...142.4.205.47][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...143] [ip4][..udp] [.......10.0.0.1][54096] -> [...142.4.205.47][..443]
detected: [...143] [ip4][..udp] [.......10.0.0.1][54096] -> [...142.4.205.47][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...144] [ip4][..udp] [.......10.0.0.1][35903] -> [...142.4.205.47][..443]
detected: [...144] [ip4][..udp] [.......10.0.0.1][35903] -> [...142.4.205.47][..443] [DNScrypt][Network][Safe]
new: [...145] [ip4][..udp] [.......10.0.0.1][37328] -> [193.191.187.107][..443]
@@ -378,43 +322,40 @@
detected: [...146] [ip4][..udp] [.......10.0.0.1][35885] -> [193.191.187.107][..443] [DNScrypt][Network][Safe]
new: [...147] [ip4][..udp] [.......10.0.0.1][33279] -> [193.191.187.107][..443]
detected: [...147] [ip4][..udp] [.......10.0.0.1][33279] -> [193.191.187.107][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...148] [ip4][..udp] [.......10.0.0.1][54215] -> [193.191.187.107][..443]
detected: [...148] [ip4][..udp] [.......10.0.0.1][54215] -> [193.191.187.107][..443] [DNScrypt][Network][Safe]
new: [...149] [ip4][..udp] [.......10.0.0.1][49040] -> [193.191.187.107][..443]
detected: [...149] [ip4][..udp] [.......10.0.0.1][49040] -> [193.191.187.107][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...150] [ip4][..udp] [.......10.0.0.1][49115] -> [193.191.187.107][..443]
detected: [...150] [ip4][..udp] [.......10.0.0.1][49115] -> [193.191.187.107][..443] [DNScrypt][Network][Safe]
new: [...151] [ip4][..udp] [.......10.0.0.1][45375] -> [..51.15.124.208][.4343]
detected: [...151] [ip4][..udp] [.......10.0.0.1][45375] -> [..51.15.124.208][.4343] [DNScrypt][Network][Safe]
new: [...152] [ip4][..udp] [.......10.0.0.1][49975] -> [..51.15.124.208][.4343]
detected: [...152] [ip4][..udp] [.......10.0.0.1][49975] -> [..51.15.124.208][.4343] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...153] [ip4][..udp] [.......10.0.0.1][38310] -> [..51.15.124.208][.4343]
detected: [...153] [ip4][..udp] [.......10.0.0.1][38310] -> [..51.15.124.208][.4343] [DNScrypt][Network][Safe]
new: [...154] [ip4][..udp] [.......10.0.0.1][55768] -> [..51.15.124.208][.4343]
detected: [...154] [ip4][..udp] [.......10.0.0.1][55768] -> [..51.15.124.208][.4343] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
new: [...155] [ip4][..udp] [.......10.0.0.1][39910] -> [..51.15.124.208][.4343]
detected: [...155] [ip4][..udp] [.......10.0.0.1][39910] -> [..51.15.124.208][.4343] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
new: [...156] [ip4][..udp] [.......10.0.0.1][53887] -> [..51.15.124.208][.4343]
detected: [...156] [ip4][..udp] [.......10.0.0.1][53887] -> [..51.15.124.208][.4343] [DNScrypt][Network][Safe]
new: [...157] [ip4][..udp] [.......10.0.0.1][36930] -> [167.114.220.125][..443]
detected: [...157] [ip4][..udp] [.......10.0.0.1][36930] -> [167.114.220.125][..443] [DNScrypt][Network][Safe]
new: [...158] [ip4][..udp] [.......10.0.0.1][38508] -> [167.114.220.125][..443]
detected: [...158] [ip4][..udp] [.......10.0.0.1][38508] -> [167.114.220.125][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16]
new: [...159] [ip4][..udp] [.......10.0.0.1][39816] -> [167.114.220.125][..443]
detected: [...159] [ip4][..udp] [.......10.0.0.1][39816] -> [167.114.220.125][..443] [DNScrypt][Network][Safe]
new: [...160] [ip4][..udp] [.......10.0.0.1][45613] -> [167.114.220.125][..443]
detected: [...160] [ip4][..udp] [.......10.0.0.1][45613] -> [167.114.220.125][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [5/16]
new: [...161] [ip4][..udp] [.......10.0.0.1][59589] -> [167.114.220.125][..443]
detected: [...161] [ip4][..udp] [.......10.0.0.1][59589] -> [167.114.220.125][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [6/16]
new: [...162] [ip4][..udp] [.......10.0.0.1][45747] -> [167.114.220.125][..443]
detected: [...162] [ip4][..udp] [.......10.0.0.1][45747] -> [167.114.220.125][..443] [DNScrypt][Network][Safe]
new: [...163] [ip4][..udp] [.......10.0.0.1][35734] -> [..5.189.170.196][..465]
@@ -423,45 +364,45 @@
detected: [...164] [ip4][..udp] [.......10.0.0.1][44496] -> [..5.189.170.196][..465] [DNScrypt][Network][Safe]
new: [...165] [ip4][..udp] [.......10.0.0.1][58104] -> [..5.189.170.196][..465]
detected: [...165] [ip4][..udp] [.......10.0.0.1][58104] -> [..5.189.170.196][..465] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [7/16]
new: [...166] [ip4][..udp] [.......10.0.0.1][40748] -> [..5.189.170.196][..465]
detected: [...166] [ip4][..udp] [.......10.0.0.1][40748] -> [..5.189.170.196][..465] [DNScrypt][Network][Safe]
new: [...167] [ip4][..udp] [.......10.0.0.1][58650] -> [..5.189.170.196][..465]
detected: [...167] [ip4][..udp] [.......10.0.0.1][58650] -> [..5.189.170.196][..465] [DNScrypt][Network][Safe]
new: [...168] [ip4][..udp] [.......10.0.0.1][59749] -> [..5.189.170.196][..465]
detected: [...168] [ip4][..udp] [.......10.0.0.1][59749] -> [..5.189.170.196][..465] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [8/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [9/16]
new: [...169] [ip4][..udp] [.......10.0.0.1][38709] -> [.185.253.154.66][.4343]
detected: [...169] [ip4][..udp] [.......10.0.0.1][38709] -> [.185.253.154.66][.4343] [DNScrypt][Network][Safe]
new: [...170] [ip4][..udp] [.......10.0.0.1][44469] -> [.185.253.154.66][.4343]
detected: [...170] [ip4][..udp] [.......10.0.0.1][44469] -> [.185.253.154.66][.4343] [DNScrypt][Network][Safe]
new: [...171] [ip4][..udp] [.......10.0.0.1][45815] -> [.185.253.154.66][.4343]
detected: [...171] [ip4][..udp] [.......10.0.0.1][45815] -> [.185.253.154.66][.4343] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...172] [ip4][..udp] [.......10.0.0.1][43540] -> [.185.253.154.66][.4343]
detected: [...172] [ip4][..udp] [.......10.0.0.1][43540] -> [.185.253.154.66][.4343] [DNScrypt][Network][Safe]
new: [...173] [ip4][..udp] [.......10.0.0.1][48159] -> [.185.253.154.66][.4343]
detected: [...173] [ip4][..udp] [.......10.0.0.1][48159] -> [.185.253.154.66][.4343] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
new: [...174] [ip4][..udp] [.......10.0.0.1][38482] -> [.185.253.154.66][.4343]
detected: [...174] [ip4][..udp] [.......10.0.0.1][38482] -> [.185.253.154.66][.4343] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
new: [...175] [ip4][..udp] [.......10.0.0.1][51647] -> [..142.4.204.111][..443]
detected: [...175] [ip4][..udp] [.......10.0.0.1][51647] -> [..142.4.204.111][..443] [DNScrypt][Network][Safe]
new: [...176] [ip4][..udp] [.......10.0.0.1][59224] -> [..142.4.204.111][..443]
detected: [...176] [ip4][..udp] [.......10.0.0.1][59224] -> [..142.4.204.111][..443] [DNScrypt][Network][Safe]
new: [...177] [ip4][..udp] [.......10.0.0.1][41895] -> [..142.4.204.111][..443]
detected: [...177] [ip4][..udp] [.......10.0.0.1][41895] -> [..142.4.204.111][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16]
new: [...178] [ip4][..udp] [.......10.0.0.1][46363] -> [..142.4.204.111][..443]
detected: [...178] [ip4][..udp] [.......10.0.0.1][46363] -> [..142.4.204.111][..443] [DNScrypt][Network][Safe]
new: [...179] [ip4][..udp] [.......10.0.0.1][57180] -> [..142.4.204.111][..443]
detected: [...179] [ip4][..udp] [.......10.0.0.1][57180] -> [..142.4.204.111][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [5/16]
new: [...180] [ip4][..udp] [.......10.0.0.1][47621] -> [..142.4.204.111][..443]
detected: [...180] [ip4][..udp] [.......10.0.0.1][47621] -> [..142.4.204.111][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [6/16]
update: [....10] [ip4][..udp] [.......10.0.0.1][43748] -> [..62.210.180.71][.1053] [DNScrypt][Network][Safe]
update: [.....8] [ip4][..udp] [.......10.0.0.1][52636] -> [..62.210.180.71][.1053] [DNScrypt][Network][Safe]
update: [.....7] [ip4][..udp] [.......10.0.0.1][51004] -> [..62.210.180.71][.1053] [DNScrypt][Network][Safe]
@@ -474,15 +415,15 @@
detected: [...182] [ip4][..udp] [.......10.0.0.1][34228] -> [.212.47.228.136][..443] [DNScrypt][Network][Safe]
new: [...183] [ip4][..udp] [.......10.0.0.1][52056] -> [.212.47.228.136][..443]
detected: [...183] [ip4][..udp] [.......10.0.0.1][52056] -> [.212.47.228.136][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...184] [ip4][..udp] [.......10.0.0.1][40775] -> [.212.47.228.136][..443]
detected: [...184] [ip4][..udp] [.......10.0.0.1][40775] -> [.212.47.228.136][..443] [DNScrypt][Network][Safe]
new: [...185] [ip4][..udp] [.......10.0.0.1][56335] -> [.212.47.228.136][..443]
detected: [...185] [ip4][..udp] [.......10.0.0.1][56335] -> [.212.47.228.136][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
new: [...186] [ip4][..udp] [.......10.0.0.1][60885] -> [.212.47.228.136][..443]
detected: [...186] [ip4][..udp] [.......10.0.0.1][60885] -> [.212.47.228.136][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
new: [...187] [ip4][..udp] [.......10.0.0.1][58948] -> [....85.5.93.230][.8443]
detected: [...187] [ip4][..udp] [.......10.0.0.1][58948] -> [....85.5.93.230][.8443] [DNScrypt][Network][Safe]
new: [...188] [ip4][..udp] [.......10.0.0.1][50403] -> [....85.5.93.230][.8443]
@@ -491,13 +432,13 @@
detected: [...189] [ip4][..udp] [.......10.0.0.1][46646] -> [....85.5.93.230][.8443] [DNScrypt][Network][Safe]
new: [...190] [ip4][..udp] [.......10.0.0.1][57090] -> [....85.5.93.230][.8443]
detected: [...190] [ip4][..udp] [.......10.0.0.1][57090] -> [....85.5.93.230][.8443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16]
new: [...191] [ip4][..udp] [.......10.0.0.1][51826] -> [....85.5.93.230][.8443]
detected: [...191] [ip4][..udp] [.......10.0.0.1][51826] -> [....85.5.93.230][.8443] [DNScrypt][Network][Safe]
new: [...192] [ip4][..udp] [.......10.0.0.1][39259] -> [....85.5.93.230][.8443]
detected: [...192] [ip4][..udp] [.......10.0.0.1][39259] -> [....85.5.93.230][.8443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [5/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [6/16]
update: [....51] [ip4][..udp] [.......10.0.0.1][34885] -> [...195.30.94.28][.8443] [DNScrypt][Network][Safe]
update: [....47] [ip4][..udp] [.......10.0.0.1][37595] -> [.139.59.200.116][..443] [DNScrypt][Network][Safe]
update: [....96] [ip4][..udp] [.......10.0.0.1][40451] -> [..45.153.187.96][.4343] [DNScrypt][Network][Safe]
@@ -648,50 +589,50 @@
detected: [...194] [ip4][..udp] [.......10.0.0.1][40374] -> [..139.99.222.72][.8443] [DNScrypt][Network][Safe]
new: [...195] [ip4][..udp] [.......10.0.0.1][51509] -> [..139.99.222.72][.8443]
detected: [...195] [ip4][..udp] [.......10.0.0.1][51509] -> [..139.99.222.72][.8443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...196] [ip4][..udp] [.......10.0.0.1][45682] -> [..139.99.222.72][.8443]
detected: [...196] [ip4][..udp] [.......10.0.0.1][45682] -> [..139.99.222.72][.8443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
new: [...197] [ip4][..udp] [.......10.0.0.1][59400] -> [..139.99.222.72][.8443]
detected: [...197] [ip4][..udp] [.......10.0.0.1][59400] -> [..139.99.222.72][.8443] [DNScrypt][Network][Safe]
new: [...198] [ip4][..udp] [.......10.0.0.1][49796] -> [..139.99.222.72][.8443]
detected: [...198] [ip4][..udp] [.......10.0.0.1][49796] -> [..139.99.222.72][.8443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
new: [...199] [ip4][..udp] [.......10.0.0.1][48300] -> [.144.91.106.227][..443]
detected: [...199] [ip4][..udp] [.......10.0.0.1][48300] -> [.144.91.106.227][..443] [DNScrypt][Network][Safe]
new: [...200] [ip4][..udp] [.......10.0.0.1][41108] -> [.144.91.106.227][..443]
detected: [...200] [ip4][..udp] [.......10.0.0.1][41108] -> [.144.91.106.227][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16]
new: [...201] [ip4][..udp] [.......10.0.0.1][48237] -> [.144.91.106.227][..443]
detected: [...201] [ip4][..udp] [.......10.0.0.1][48237] -> [.144.91.106.227][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [5/16]
new: [...202] [ip4][..udp] [.......10.0.0.1][54305] -> [.144.91.106.227][..443]
detected: [...202] [ip4][..udp] [.......10.0.0.1][54305] -> [.144.91.106.227][..443] [DNScrypt][Network][Safe]
new: [...203] [ip4][..udp] [.......10.0.0.1][55469] -> [.144.91.106.227][..443]
detected: [...203] [ip4][..udp] [.......10.0.0.1][55469] -> [.144.91.106.227][..443] [DNScrypt][Network][Safe]
new: [...204] [ip4][..udp] [.......10.0.0.1][54204] -> [.144.91.106.227][..443]
detected: [...204] [ip4][..udp] [.......10.0.0.1][54204] -> [.144.91.106.227][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [6/16]
new: [...205] [ip4][..udp] [.......10.0.0.1][33293] -> [..46.227.200.55][.8443]
detected: [...205] [ip4][..udp] [.......10.0.0.1][33293] -> [..46.227.200.55][.8443] [DNScrypt][Network][Safe]
new: [...206] [ip4][..udp] [.......10.0.0.1][38242] -> [..46.227.200.55][.8443]
detected: [...206] [ip4][..udp] [.......10.0.0.1][38242] -> [..46.227.200.55][.8443] [DNScrypt][Network][Safe]
new: [...207] [ip4][..udp] [.......10.0.0.1][33246] -> [..46.227.200.55][.8443]
detected: [...207] [ip4][..udp] [.......10.0.0.1][33246] -> [..46.227.200.55][.8443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [7/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [8/16]
new: [...208] [ip4][..udp] [.......10.0.0.1][50277] -> [..46.227.200.55][.8443]
detected: [...208] [ip4][..udp] [.......10.0.0.1][50277] -> [..46.227.200.55][.8443] [DNScrypt][Network][Safe]
new: [...209] [ip4][..udp] [.......10.0.0.1][44161] -> [..46.227.200.55][.8443]
detected: [...209] [ip4][..udp] [.......10.0.0.1][44161] -> [..46.227.200.55][.8443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [9/16]
new: [...210] [ip4][..udp] [.......10.0.0.1][49177] -> [..46.227.200.55][.8443]
detected: [...210] [ip4][..udp] [.......10.0.0.1][49177] -> [..46.227.200.55][.8443] [DNScrypt][Network][Safe]
new: [...211] [ip4][..udp] [.......10.0.0.1][54375] -> [..107.170.57.34][..443]
detected: [...211] [ip4][..udp] [.......10.0.0.1][54375] -> [..107.170.57.34][..443] [DNScrypt][Network][Safe]
new: [...212] [ip4][..udp] [.......10.0.0.1][55185] -> [..107.170.57.34][..443]
detected: [...212] [ip4][..udp] [.......10.0.0.1][55185] -> [..107.170.57.34][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [10/16]
new: [...213] [ip4][..udp] [.......10.0.0.1][36335] -> [..107.170.57.34][..443]
detected: [...213] [ip4][..udp] [.......10.0.0.1][36335] -> [..107.170.57.34][..443] [DNScrypt][Network][Safe]
new: [...214] [ip4][..udp] [.......10.0.0.1][37287] -> [..107.170.57.34][..443]
@@ -700,8 +641,8 @@
detected: [...215] [ip4][..udp] [.......10.0.0.1][33143] -> [..107.170.57.34][..443] [DNScrypt][Network][Safe]
new: [...216] [ip4][..udp] [.......10.0.0.1][42141] -> [..107.170.57.34][..443]
detected: [...216] [ip4][..udp] [.......10.0.0.1][42141] -> [..107.170.57.34][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [11/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [12/16]
new: [...217] [ip4][..udp] [.......10.0.0.1][56988] -> [185.193.127.244][..443]
detected: [...217] [ip4][..udp] [.......10.0.0.1][56988] -> [185.193.127.244][..443] [DNScrypt][Network][Safe]
new: [...218] [ip4][..udp] [.......10.0.0.1][50062] -> [185.193.127.244][..443]
@@ -710,13 +651,13 @@
detected: [...219] [ip4][..udp] [.......10.0.0.1][59354] -> [185.193.127.244][..443] [DNScrypt][Network][Safe]
new: [...220] [ip4][..udp] [.......10.0.0.1][54920] -> [185.193.127.244][..443]
detected: [...220] [ip4][..udp] [.......10.0.0.1][54920] -> [185.193.127.244][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [13/16]
new: [...221] [ip4][..udp] [.......10.0.0.1][46314] -> [185.193.127.244][..443]
detected: [...221] [ip4][..udp] [.......10.0.0.1][46314] -> [185.193.127.244][..443] [DNScrypt][Network][Safe]
new: [...222] [ip4][..udp] [.......10.0.0.1][47971] -> [185.193.127.244][..443]
detected: [...222] [ip4][..udp] [.......10.0.0.1][47971] -> [185.193.127.244][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [14/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [15/16]
new: [...223] [ip4][..udp] [.......10.0.0.1][49568] -> [...77.66.84.233][..443]
detected: [...223] [ip4][..udp] [.......10.0.0.1][49568] -> [...77.66.84.233][..443] [DNScrypt][Network][Safe]
new: [...224] [ip4][..udp] [.......10.0.0.1][46140] -> [...77.66.84.233][..443]
@@ -725,13 +666,11 @@
detected: [...225] [ip4][..udp] [.......10.0.0.1][40209] -> [...77.66.84.233][..443] [DNScrypt][Network][Safe]
new: [...226] [ip4][..udp] [.......10.0.0.1][49732] -> [...77.66.84.233][..443]
detected: [...226] [ip4][..udp] [.......10.0.0.1][49732] -> [...77.66.84.233][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [16/16]
new: [...227] [ip4][..udp] [.......10.0.0.1][50757] -> [...77.66.84.233][..443]
detected: [...227] [ip4][..udp] [.......10.0.0.1][50757] -> [...77.66.84.233][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...228] [ip4][..udp] [.......10.0.0.1][57109] -> [...77.66.84.233][..443]
detected: [...228] [ip4][..udp] [.......10.0.0.1][57109] -> [...77.66.84.233][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
update: [...159] [ip4][..udp] [.......10.0.0.1][39816] -> [167.114.220.125][..443] [DNScrypt][Network][Safe]
update: [...175] [ip4][..udp] [.......10.0.0.1][51647] -> [..142.4.204.111][..443] [DNScrypt][Network][Safe]
update: [...168] [ip4][..udp] [.......10.0.0.1][59749] -> [..5.189.170.196][..465] [DNScrypt][Network][Safe]
@@ -778,11 +717,8 @@
detected: [...232] [ip4][..udp] [.......10.0.0.1][53045] -> [..23.111.74.205][..443] [DNScrypt][Network][Safe]
new: [...233] [ip4][..udp] [.......10.0.0.1][34024] -> [..23.111.74.205][..443]
detected: [...233] [ip4][..udp] [.......10.0.0.1][34024] -> [..23.111.74.205][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...234] [ip4][..udp] [.......10.0.0.1][60113] -> [..23.111.74.205][..443]
detected: [...234] [ip4][..udp] [.......10.0.0.1][60113] -> [..23.111.74.205][..443] [DNScrypt][Network][Safe]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
new: [...235] [ip4][..udp] [.......10.0.0.1][47545] -> [..151.80.222.79][..443]
detected: [...235] [ip4][..udp] [.......10.0.0.1][47545] -> [..151.80.222.79][..443] [DNScrypt][Network][Safe]
new: [...236] [ip4][..udp] [.......10.0.0.1][38660] -> [.144.91.106.227][..443]


@@ -1,183 +1,60 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: Unknown packet type [3/16]
ERROR-EVENT: Unknown packet type [4/16]
ERROR-EVENT: Unknown packet type [5/16]
ERROR-EVENT: Unknown packet type [6/16]
ERROR-EVENT: Unknown packet type [7/16]
ERROR-EVENT: Unknown packet type [8/16]
new: [.....1] [ip4][..udp] [192.168.239.129][..137] -> [..192.168.239.2][..137]
detected: [.....1] [ip4][..udp] [192.168.239.129][..137] -> [..192.168.239.2][..137] [NetBIOS][System][Acceptable][mdjr98]
new: [.....2] [ip4][.icmp] [192.168.239.129] -> [......224.0.0.2]
detected: [.....2] [ip4][.icmp] [192.168.239.129] -> [......224.0.0.2] [ICMP][Network][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [9/16]
ERROR-EVENT: Unknown packet type [10/16]
ERROR-EVENT: Unknown packet type [11/16]
new: [.....3] [ip4][..udp] [192.168.239.129][..137] -> [192.168.239.255][..137]
detected: [.....3] [ip4][..udp] [192.168.239.129][..137] -> [192.168.239.255][..137] [NetBIOS][System][Acceptable][mdjr98]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [12/16]
new: [.....4] [ip4][..udp] [192.168.239.129][..138] -> [192.168.239.255][..138]
detected: [.....4] [ip4][..udp] [192.168.239.129][..138] -> [192.168.239.255][..138] [NetBIOS.SMBv1][System][Dangerous][mdjr98]
RISK: Unsafe Protocol
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [13/16]
ERROR-EVENT: Unknown packet type [14/16]
ERROR-EVENT: Unknown packet type [15/16]
ERROR-EVENT: Unknown packet type [16/16]
update: [.....2] [ip4][.icmp] [192.168.239.129] -> [......224.0.0.2] [ICMP][Network][Acceptable]
update: [.....1] [ip4][..udp] [192.168.239.129][..137] -> [..192.168.239.2][..137] [NetBIOS][System][Acceptable]
update: [.....3] [ip4][..udp] [192.168.239.129][..137] -> [192.168.239.255][..137] [NetBIOS][System][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: Unknown packet type [3/16]
ERROR-EVENT: Unknown packet type [4/16]
ERROR-EVENT: Unknown packet type [5/16]
ERROR-EVENT: Unknown packet type [6/16]
ERROR-EVENT: Unknown packet type [7/16]
ERROR-EVENT: Unknown packet type [8/16]
ERROR-EVENT: Unknown packet type [9/16]
ERROR-EVENT: Unknown packet type [10/16]
ERROR-EVENT: Unknown packet type [11/16]
ERROR-EVENT: Unknown packet type [12/16]
ERROR-EVENT: Unknown packet type [13/16]
ERROR-EVENT: Unknown packet type [14/16]
ERROR-EVENT: Unknown packet type [15/16]
ERROR-EVENT: Unknown packet type [16/16]
update: [.....4] [ip4][..udp] [192.168.239.129][..138] -> [192.168.239.255][..138] [NetBIOS.SMBv1][System][Dangerous]
RISK: Unsafe Protocol
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
update: [.....2] [ip4][.icmp] [192.168.239.129] -> [......224.0.0.2] [ICMP][Network][Acceptable]
update: [.....1] [ip4][..udp] [192.168.239.129][..137] -> [..192.168.239.2][..137] [NetBIOS][System][Acceptable]
update: [.....3] [ip4][..udp] [192.168.239.129][..137] -> [192.168.239.255][..137] [NetBIOS][System][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
update: [.....4] [ip4][..udp] [192.168.239.129][..138] -> [192.168.239.255][..138] [NetBIOS.SMBv1][System][Dangerous]
RISK: Unsafe Protocol
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: Unknown packet type [3/16]
analyse: [.....3] [ip4][..udp] [192.168.239.129][..137] -> [192.168.239.255][..137] [NetBIOS][System][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 96.434| 4.235| 17.262| 297969697.948| 1.500]


@@ -16,7 +16,7 @@
new: [.....8] [ip4][..udp] [..192.168.1.110][.2713] -> [....192.168.1.1][...53]
detected: [.....8] [ip4][..udp] [..192.168.1.110][.2713] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][]
RISK: Malformed Packet
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [.....9] [ip4][..udp] [....192.168.1.2][.2597] -> [....192.168.1.1][29440]
detection-update: [.....7] [ip4][..udp] [....192.168.1.2][.2713] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
new: [....10] [ip4][..udp] [....192.168.1.2][.2714] -> [....192.168.1.1][...53]
@@ -29,13 +29,13 @@
new: [....13] [ip4][..udp] [....192.168.1.2][.2715] -> [....192.168.1.1][...53]
detected: [....13] [ip4][..udp] [....192.168.1.2][.2715] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
detection-update: [....13] [ip4][..udp] [....192.168.1.2][.2715] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
detection-update: [....13] [ip4][..udp] [....192.168.1.2][.2715] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cyber?ity.dk]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
new: [....14] [ip4][..udp] [....192.168.1.2][.2716] -> [....192.168.1.1][...53]
detected: [....14] [ip4][..udp] [....192.168.1.2][.2716] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa]
new: [....15] [ip4][..udp] [....192.168.1.1][.9587] -> [....192.168.1.2][..156]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [3/16]
new: [....16] [ip4][..udp] [..208.242.33.35][.5060] -> [....192.168.1.2][.5060]
detected: [....16] [ip4][..udp] [..208.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][VoIP][Acceptable]
new: [....17] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.251][..138]
@@ -64,10 +64,10 @@
detection-update: [....22] [ip4][..udp] [....192.168.1.2][.2719] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][]
RISK: Malformed Packet
new: [....23] [ip4][..tcp] [....192.168.1.2][.2720] -> [..147.234.1.253][...21]
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol [1/16]
new: [....24] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.169.1.2][.2720] [MIDSTREAM]
new: [....25] [ip4][..tcp] [....192.168.1.2][.2679] -> [..147.234.1.253][...21] [MIDSTREAM]
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol [2/16]
new: [....26] [ip4][..tcp] [..147.234.1.253][...21] -> [......192.2.1.2][.2720] [MIDSTREAM]
new: [....27] [ip4][..tcp] [..147.234.1.253][...21] -> [...192.168.1.66][.2720] [MIDSTREAM]
new: [....28] [ip4][..tcp] [..147.234.1.253][..120] -> [....192.168.1.2][.2720] [MIDSTREAM]
@@ -77,19 +77,19 @@
new: [....32] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.168.1.2][.2732] [MIDSTREAM]
new: [....33] [ip4][..tcp] [..147.234.1.253][.1045] -> [....192.168.1.2][.2720] [MIDSTREAM]
new: [....34] [ip4][..tcp] [..147.234.1.253][...21] -> [...192.168.65.2][.2720] [MIDSTREAM]
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol [3/16]
new: [....35] [ip4][..tcp] [..147.234.1.253][...21] -> [.....84.168.1.2][.2720] [MIDSTREAM]
new: [....36] [ip4][..tcp] [....192.112.1.2][.2720] -> [..147.234.1.253][...21] [MIDSTREAM]
new: [....37] [ip4][..170] [170.170.170.170] -> [170.170.170.170]
new: [....38] [ip4][..tcp] [....192.168.1.2][.2720] -> [..147.117.1.253][...21] [MIDSTREAM]
new: [....39] [ip4][..tcp] [....192.168.1.6][.2721] -> [..147.234.1.253][58999]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [4/16]
new: [....40] [ip4][..tcp] [...37.115.0.253][58999] -> [....192.168.1.2][.2721]
ERROR-EVENT: TCP packet smaller than expected
ERROR-EVENT: TCP packet smaller than expected [5/16]
new: [....41] [ip4][..tcp] [....192.168.1.2][.2721] -> [..147.234.1.253][58999] [MIDSTREAM]
new: [....42] [ip4][..tcp] [..147.234.1.253][58999] -> [....192.232.1.2][.2721] [MIDSTREAM]
new: [....43] [ip4][..tcp] [.....37.115.0.2][.2639] -> [..147.234.1.253][...21] [MIDSTREAM]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [6/16]
update: [....16] [ip4][..udp] [..208.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][VoIP][Acceptable]
update: [....14] [ip4][..udp] [....192.168.1.2][.2716] -> [....192.168.1.1][...53]
update: [....15] [ip4][..udp] [....192.168.1.1][.9587] -> [....192.168.1.2][..156]
@@ -97,7 +97,7 @@
detected: [....44] [ip4][..udp] [....192.168.1.2][.2722] -> [....192.136.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
new: [....45] [ip4][..udp] [....192.168.1.2][.2722] -> [....192.168.1.1][...53]
detected: [....45] [ip4][..udp] [....192.168.1.2][.2722] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
update: [.....4] [ip4][..udp] [....192.168.1.2][.2712] -> [...192.37.115.0][...53]
update: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable]
update: [....17] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.251][..138] [NetBIOS.SMBv1][System][Dangerous]
@@ -135,7 +135,7 @@
detection-update: [....51] [ip4][..udp] [....192.168.1.2][.2725] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa]
new: [....52] [ip4][..udp] [...192.168.1.46][...53] -> [....192.168.1.2][.2726]
detected: [....52] [ip4][..udp] [...192.168.1.46][...53] -> [....192.168.1.2][.2726] [DNS][Network][Acceptable][sip.cybercity.dk]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
idle: [.....4] [ip4][..udp] [....192.168.1.2][.2712] -> [...192.37.115.0][...53]
guessed: [.....2] [ip4][..udp] [....217.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][]
idle: [.....2] [ip4][..udp] [....217.168.1.2][..137] -> [..192.168.1.255][..137]
@@ -196,10 +196,10 @@
update: [....21] [ip4][..udp] [....192.114.1.2][.2719] -> [....192.168.1.1][...53]
new: [....53] [ip4][..udp] [..192.168.1.202][..137] -> [..192.168.1.255][..137]
detected: [....53] [ip4][..udp] [..192.168.1.202][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][eci_dom]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [....54] [ip4][..udp] [....192.168.1.2][.2732] -> [....192.168.1.1][...53]
detected: [....54] [ip4][..udp] [....192.168.1.2][.2732] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
idle: [....22] [ip4][..udp] [....192.168.1.2][.2719] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
RISK: Malformed Packet
idle: [....21] [ip4][..udp] [....192.114.1.2][.2719] -> [....192.168.1.1][...53]
@@ -238,7 +238,7 @@
idle: [....46] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2723] [DNS][Network][Acceptable]
guessed: [....49] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][25481] [NetBIOS][System][Acceptable][]
idle: [....49] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][25481]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [....63] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..169]
idle: [....50] [ip4][..udp] [....192.168.1.2][.2724] -> [...192.168.17.1][...53]
idle: [....48] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][...53]
@@ -248,7 +248,7 @@
detected: [....64] [ip4][..udp] [....192.168.1.2][.2736] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
new: [....65] [ip4][..udp] [....192.168.1.2][.2684] -> [....192.168.1.1][...53]
detected: [....65] [ip4][..udp] [....192.168.1.2][.2684] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.dybercity.dk]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [....66] [ip4][..udp] [....192.168.1.2][.2736] -> [...192.168.1.17][...53]
detected: [....66] [ip4][..udp] [....192.168.1.2][.2736] -> [...192.168.1.17][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
detection-update: [....64] [ip4][..udp] [....192.168.1.2][.2736] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
@@ -284,7 +284,7 @@
new: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53]
detected: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cyberci_s]
detection-update: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
detection-update: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
RISK: Malformed Packet
new: [....74] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][.8329]
@@ -318,7 +318,7 @@
update: [....61] [ip4][..udp] [....200.168.1.2][.2735] -> [....192.168.1.1][...53]
update: [....62] [ip4][..udp] [....253.168.1.1][...53] -> [....192.168.1.2][.2735] [DNS][Network][Acceptable]
update: [....37] [ip4][..170] [170.170.170.170] -> [170.170.170.170]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [....79] [ip4][..udp] [....192.168.1.2][.2743] -> [....192.168.1.1][...53]
detected: [....79] [ip4][..udp] [....192.168.1.2][.2743] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa]
detection-update: [....79] [ip4][..udp] [....192.168.1.2][.2743] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa]
@@ -389,7 +389,7 @@
RISK: Malformed Packet
new: [....93] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2733]
detected: [....93] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2733] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [....94] [ip4][..udp] [....192.168.1.2][.2750] -> [....192.168.1.1][...53]
detected: [....94] [ip4][..udp] [....192.168.1.2][.2750] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.voip.brujula.net]
new: [....95] [ip4][..udp] [....192.168.1.2][10942] -> [....192.168.1.1][...53]
@@ -448,7 +448,7 @@
update: [....90] [ip4][..udp] [....192.168.1.2][.2748] -> [....192.168.1.1][...53]
update: [....89] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.4932] [SIP][VoIP][Acceptable]
update: [....91] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][VoIP][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53]
new: [...107] [ip4][..118] [....192.168.1.2] -> [..200.68.120.81]
detected: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cyberciwy.dk]
@@ -563,13 +563,13 @@
idle: [....79] [ip4][..udp] [....192.168.1.2][.2743] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
update: [....85] [ip4][..240] [....192.168.1.2] -> [....192.168.1.1]
update: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...118] [ip4][..udp] [.....192.22.1.2][.2760] -> [....192.168.1.1][...53]
new: [...119] [ip4][..udp] [....192.168.1.2][.2760] -> [....192.168.1.1][...53]
detected: [...119] [ip4][..udp] [....192.168.1.2][.2760] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip.eudp.sip.cybercity.dk]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: Unknown packet type [4/16]
detection-update: [...119] [ip4][..udp] [....192.168.1.2][.2760] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
idle: [....81] [ip4][..udp] [....192.168.1.2][...88] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable]
idle: [....80] [ip4][..udp] [....192.168.1.2][.2744] -> [....192.168.1.1][...53]
@@ -607,8 +607,8 @@
RISK: Malformed Packet
detection-update: [...121] [ip4][..udp] [....192.168.1.2][.2762] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.sk]
RISK: Malformed Packet
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown L3 protocol [2/16]
not-detected: [....82] [ip4][..udp] [..192.168.1.170][43690] -> [170.170.170.170][43690] [Unknown][Unrated]
idle: [....82] [ip4][..udp] [..192.168.1.170][43690] -> [170.170.170.170][43690]
idle: [....83] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2745] [DNS][Network][Acceptable]
@@ -616,14 +616,14 @@
update: [...112] [ip4][..udp] [....192.168.1.2][.2640] -> [....192.168.1.1][...53]
update: [...114] [ip4][..udp] [.192.168.37.115][.2758] -> [....128.168.1.1][...53]
update: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [3/16]
new: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763]
detected: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa]
RISK: Malformed Packet
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [4/16]
new: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53]
detected: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [5/16]
new: [...124] [ip4][..udp] [....192.168.1.2][43690] -> [170.170.170.170][43690]
detection-update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.s?p.cibercity.dk]
detection-update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][]
@@ -652,7 +652,7 @@
new: [...128] [ip4][..udp] [....192.168.1.2][.2766] -> [....192.168.1.1][...53]
detected: [...128] [ip4][..udp] [....192.168.1.2][.2766] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
detection-update: [...128] [ip4][..udp] [....192.168.1.2][.2766] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybe0city.dk]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [...129] [ip4][..udp] [....192.168.1.2][14798] -> [....192.168.1.1][...53]
detected: [...129] [ip4][..udp] [....192.168.1.2][14798] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
idle: [....93] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2733] [DNS][Network][Acceptable]
@@ -680,7 +680,7 @@
detection-update: [...130] [ip4][..udp] [....192.168.1.2][.2767] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa]
new: [...131] [ip4][..udp] [....192.168.1.2][.2768] -> [....192.168.1.1][...53]
detected: [...131] [ip4][..udp] [....192.168.1.2][.2768] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...132] [ip4][..udp] [....192.168.1.2][35536] -> [....192.168.1.1][...53]
detected: [...132] [ip4][..udp] [....192.168.1.2][35536] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
new: [...133] [ip4][..udp] [.....94.168.1.2][.2768] -> [....192.168.1.1][....4]
@@ -713,16 +713,16 @@
RISK: Malformed Packet
update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
RISK: Malformed Packet
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
new: [...136] [ip4][..127] [....192.168.1.2] -> [....192.168.1.1]
new: [...137] [ip4][..udp] [....192.168.1.2][.2770] -> [....192.168.1.1][...53]
detected: [...137] [ip4][..udp] [....192.168.1.2][.2770] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][]
RISK: Malformed Packet
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
new: [...138] [ip4][..udp] [....192.168.1.2][..137] -> [..120.168.1.255][..137]
detected: [...138] [ip4][..udp] [....192.168.1.2][..137] -> [..120.168.1.255][..137] [NetBIOS][System][Acceptable][eci_doma]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [4/16]
detection-update: [...137] [ip4][..udp] [....192.168.1.2][.2770] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][]
RISK: Malformed Packet
idle: [...108] [ip4][..udp] [.....14.168.1.2][.2754] -> [....192.168.1.1][...53]
@@ -749,7 +749,7 @@
detected: [...139] [ip4][..udp] [...192.168.1.57][.2771] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][]
new: [...140] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2771]
detected: [...140] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2771] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...141] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138]
detected: [...141] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous][d002465]
RISK: Unsafe Protocol
@@ -785,7 +785,7 @@
update: [...135] [ip4][..udp] [....192.168.1.1][..117] -> [....192.168.1.2][.2769]
new: [...144] [ip4][..udp] [....192.168.1.2][.2773] -> [....192.168.1.1][...53]
detected: [...144] [ip4][..udp] [....192.168.1.2][.2773] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.il-addr.arpa]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
idle: [...112] [ip4][..udp] [....192.168.1.2][.2640] -> [....192.168.1.1][...53]
idle: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
RISK: Malformed Packet
@@ -836,7 +836,7 @@
detected: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
detection-update: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][]
RISK: Malformed Packet
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
detection-update: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
RISK: Malformed Packet
guessed: [...118] [ip4][..udp] [.....192.22.1.2][.2760] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][]
@@ -863,7 +863,7 @@
new: [...151] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2782]
detected: [...151] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2782] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa]
new: [...152] [ip4][..udp] [....192.168.1.6][.5060] -> [..212.242.33.35][.5060]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
idle: [...120] [ip4][..udp] [....192.168.1.2][.2761] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
idle: [...121] [ip4][..udp] [....192.168.1.2][.2762] -> [....192.168.1.1][...53]
update: [...138] [ip4][..udp] [....192.168.1.2][..137] -> [..120.168.1.255][..137] [NetBIOS][System][Acceptable]
@@ -880,7 +880,7 @@
new: [...153] [ip4][..udp] [....192.168.1.2][.2783] -> [....192.168.1.1][...53]
detected: [...153] [ip4][..udp] [....192.168.1.2][.2783] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
detection-update: [...153] [ip4][..udp] [....192.168.1.2][.2783] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [...154] [ip4][..udp] [......0.168.1.2][.2783] -> [....192.168.1.1][...53]
detected: [...154] [ip4][..udp] [......0.168.1.2][.2783] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
detection-update: [...153] [ip4][..udp] [....192.168.1.2][.2783] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
@@ -905,7 +905,7 @@
RISK: Malformed Packet
new: [...156] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.5.2][.2784]
detected: [...156] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.5.2][.2784] [DNS][Network][Acceptable][1.0.0.127.in-addr.aspa]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
idle: [...129] [ip4][..udp] [....192.168.1.2][14798] -> [....192.168.1.1][...53]
idle: [...126] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2765] [DNS][Network][Acceptable]
RISK: Malformed Packet
@@ -939,7 +939,7 @@
update: [...151] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2782] [DNS][Network][Acceptable]
new: [...161] [ip4][..udp] [....192.168.1.2][.2786] -> [....192.168.1.3][...53]
detected: [...161] [ip4][..udp] [....192.168.1.2][.2786] -> [....192.168.1.3][...53] [DNS][Network][Acceptable][1.0.0.127.in-ad?r.arpa]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...162] [ip4][..udp] [..212.242.33.35][.9587] -> [....192.168.1.2][..196]
new: [...163] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.3.1][...53]
detected: [...163] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.3.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
@@ -971,8 +971,8 @@
[IATS(ms)....: 17474.8,107207.5,89874.9,17280.7,167478.6,167525.2,17335.8,73902.7,91241.1,17333.2,25.9,17725.0,29031.8,29092.7,68237.2,29272.4,29031.8,29031.6,29031.5,18604.5,279041.8,227.1,15287.5,17115.0,32679.4,257.3,76383.1,29031.1,58063.5,24495.5,17375.1]
[PKTLENS.....: 514,374,495,514,708,514,708,519,514,708,334,498,33,33,33,33,33,33,33,33,853,621,368,33,1104,473,363,33,33,33,466,701]
[ENTROPIES...: 5.8,5.8,5.8,5.8,5.8,1.5,3.4,2.9,5.8,4.1,5.8,3.2,4.1,4.1,4.1,4.1,4.1,4.1,4.1,4.1,5.8,5.8,5.7,4.1,1.5,5.8,4.6,4.1,4.0,4.1,3.3,2.3]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
new: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53]
detected: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
detection-update: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][]
@@ -992,14 +992,14 @@
update: [...156] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.5.2][.2784] [DNS][Network][Acceptable]
new: [...168] [ip4][..udp] [....192.168.1.2][.2790] -> [....192.168.1.1][...53]
detected: [...168] [ip4][..udp] [....192.168.1.2][.2790] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...169] [ip4][..udp] [..212.242.33.35][.5060] -> [...192.37.115.0][.5060]
detected: [...169] [ip4][..udp] [..212.242.33.35][.5060] -> [...192.37.115.0][.5060] [SIP][VoIP][Acceptable]
new: [...170] [ip4][..udp] [...192.168.79.2][.2791] -> [....192.168.1.1][...53]
detected: [...170] [ip4][..udp] [...192.168.79.2][.2791] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
new: [...171] [ip4][..udp] [...192.168.1.53][.2791] -> [....192.168.1.1][...53]
detected: [...171] [ip4][..udp] [...192.168.1.53][.2791] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
new: [...172] [ip4][..udp] [....192.168.1.2][..137] -> [..192.194.1.255][..137]
detected: [...172] [ip4][..udp] [....192.168.1.2][..137] -> [..192.194.1.255][..137] [NetBIOS][System][Acceptable][eci_domain]
new: [...173] [ip4][..udp] [170.170.170.170][43690] -> [170.170.170.170][43690]
@@ -1031,7 +1031,7 @@
new: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792]
detected: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Network][Acceptable][1.0.0.127.in-a?dr.arpa]
RISK: Malformed Packet
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
update: [...117] [ip4][...37] [....192.168.1.1] -> [....192.168.1.2]
update: [...162] [ip4][..udp] [..212.242.33.35][.9587] -> [....192.168.1.2][..196]
update: [....85] [ip4][..240] [....192.168.1.2] -> [....192.168.1.1]
@@ -1105,7 +1105,7 @@
RISK: Malformed Packet
update: [...159] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][35721]
update: [...107] [ip4][..118] [....192.168.1.2] -> [..200.68.120.81]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
not-detected: [...162] [ip4][..udp] [..212.242.33.35][.9587] -> [....192.168.1.2][..196] [Unknown][Unrated]
idle: [...162] [ip4][..udp] [..212.242.33.35][.9587] -> [....192.168.1.2][..196]
not-detected: [....85] [ip4][..240] [....192.168.1.2] -> [....192.168.1.1] [Unknown][Unrated]
@@ -1153,7 +1153,7 @@
detected: [...183] [ip4][..udp] [...192.168.1.41][..137] -> [..107.168.1.255][..137] [NetBIOS][System][Acceptable][workgroup]
new: [...184] [ip4][..udp] [.....115.0.1.41][..137] -> [..192.168.1.255][..137]
detected: [...184] [ip4][..udp] [.....115.0.1.41][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][workgroup]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
idle: [...164] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.1.1][...53]
idle: [...165] [ip4][..udp] [....192.168.1.2][.2788] -> [....192.168.1.1][...53]
idle: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53]
@@ -1205,7 +1205,7 @@
new: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53]
detected: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][re-.sippstar.com]
detection-update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][reg.sip?star.com]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
detection-update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][reg.sippstar.com]
new: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53]
detected: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53] [DNS][Network][Acceptable][sip.cybercity.dk]
@@ -1225,7 +1225,7 @@
detected: [...192] [ip4][..udp] [....192.168.1.2][.2795] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][sip.cybercity.dk]
new: [...193] [ip4][..udp] [....192.168.1.2][.2794] -> [....192.168.1.1][...53]
detected: [...193] [ip4][..udp] [....192.168.1.2][.2794] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][sip.cybercity.dk]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
detection-update: [...192] [ip4][..udp] [....192.168.1.2][.2795] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][sip.cybercity.dk]
detection-update: [...193] [ip4][..udp] [....192.168.1.2][.2794] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][sip.cybercity.dk]
new: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53]
@@ -1235,7 +1235,7 @@
new: [...195] [ip4][..udp] [192.168.170.170][43690] -> [170.170.170.170][43690]
detection-update: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
RISK: Malformed Packet
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
update: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable]
update: [...187] [ip4][..udp] [....192.168.1.2][..137] -> [..200.168.1.255][..137] [NetBIOS][System][Acceptable]
update: [...186] [ip4][..udp] [....192.168.1.2][43690] -> [192.168.170.170][43690]
@@ -1247,14 +1247,14 @@
detection-update: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa]
new: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060]
detected: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][VoIP][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...199] [ip4][..udp] [....192.168.1.2][.2798] -> [....192.168.1.1][...53]
detected: [...199] [ip4][..udp] [....192.168.1.2][.2798] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
update: [...166] [ip4][....0] [....192.168.1.1] -> [....192.168.1.2]
update: [...157] [ip4][...19] [....192.168.1.2] -> [....192.168.1.1]
update: [...136] [ip4][..127] [....192.168.1.2] -> [....192.168.1.1]
update: [....37] [ip4][..170] [170.170.170.170] -> [170.170.170.170]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [2/16]
new: [...200] [ip4][..udp] [....192.168.1.2][.2799] -> [....192.168.1.1][...53]
detected: [...200] [ip4][..udp] [....192.168.1.2][.2799] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa]
new: [...201] [ip4][..udp] [....192.168.1.1][...53] -> [..192.168.119.2][.2799]
@@ -1263,7 +1263,7 @@
detected: [...202] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_s?p._udp.sip.cybercity.dk]
detection-update: [...202] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
new: [...203] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...21]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
update: [...117] [ip4][...37] [....192.168.1.1] -> [....192.168.1.2]
update: [...188] [ip4][..udp] [....192.168.1.2][...68] -> [....192.168.1.1][...67] [DHCP][Network][Acceptable]
update: [...183] [ip4][..udp] [...192.168.1.41][..137] -> [..107.168.1.255][..137] [NetBIOS][System][Acceptable]
@@ -1300,7 +1300,7 @@
detection-update: [...209] [ip4][..udp] [....192.168.1.2][.2803] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa]
new: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53]
detected: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol [1/16]
detection-update: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cyberc?ty.dk]
idle: [...183] [ip4][..udp] [...192.168.1.41][..137] -> [..107.168.1.255][..137] [NetBIOS][System][Acceptable]
idle: [...184] [ip4][..udp] [.....115.0.1.41][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable]
@@ -1311,8 +1311,8 @@
update: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
update: [...199] [ip4][..udp] [....192.168.1.2][.2798] -> [....192.168.1.1][...53]
detection-update: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
idle: [...185] [ip4][..udp] [...192.168.1.41][..137] -> [.192.168.37.115][..137] [NetBIOS][System][Acceptable]
new: [...211] [ip4][..udp] [....192.168.1.2][.2805] -> [....192.168.1.1][...51]
new: [...212] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2805]
@@ -1335,7 +1335,7 @@
update: [...200] [ip4][..udp] [....192.168.1.2][.2799] -> [....192.168.1.1][...53]
update: [...201] [ip4][..udp] [....192.168.1.1][...53] -> [..192.168.119.2][.2799] [DNS][Network][Acceptable]
update: [...202] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...53]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [...214] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2807]
detected: [...214] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2807] [DNS][Network][Acceptable][]
RISK: Malformed Packet
@@ -1354,7 +1354,7 @@
update: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
RISK: Malformed Packet
update: [...207] [ip4][..udp] [....192.168.1.2][.2802] -> [....192.168.1.1][...53]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [2/16]
new: [...217] [ip4][..udp] [....192.168.1.2][19192] -> [....192.168.1.1][...53]
detected: [...217] [ip4][..udp] [....192.168.1.2][19192] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
new: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53]
@@ -1384,8 +1384,8 @@
RISK: Malformed Packet
new: [...224] [ip4][..udp] [..192.168.233.1][...53] -> [....192.168.1.2][.2811]
detected: [...224] [ip4][..udp] [..192.168.233.1][...53] -> [....192.168.1.2][.2811] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
new: [...225] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..905]
update: [...149] [ip4][....0] [....192.168.1.2] -> [..192.168.1.255]
update: [...203] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...21]
@@ -1400,7 +1400,7 @@
new: [...226] [ip4][..udp] [....192.168.1.2][.2812] -> [....192.168.1.1][...53]
detected: [...226] [ip4][..udp] [....192.168.1.2][.2812] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cyaercity.dk]
detection-update: [...226] [ip4][..udp] [....192.168.1.2][.2812] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
idle: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
idle: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53]
update: [...208] [ip4][..udp] [....192.168.1.2][18162] -> [....192.168.1.1][...53]
@@ -1435,17 +1435,17 @@
new: [...227] [ip4][..udp] [....192.168.1.2][.2813] -> [....192.168.1.1][...53]
detected: [...227] [ip4][..udp] [....192.168.1.2][.2813] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127?in-ad_r?arpa???]
RISK: Malformed Packet
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
new: [...228] [ip4][..udp] [....192.168.1.2][.2814] -> [....192.168.1.1][...53]
detected: [...228] [ip4][..udp] [....192.168.1.2][.2814] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][]
RISK: Malformed Packet
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: Unknown packet type [4/16]
ERROR-EVENT: Unknown packet type [5/16]
new: [...229] [ip4][..udp] [....192.168.1.2][29440] -> [...192.168.1.37][..137]
detected: [...229] [ip4][..udp] [....192.168.1.2][29440] -> [...192.168.1.37][..137] [NetBIOS][System][Acceptable][]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [6/16]
detection-update: [...228] [ip4][..udp] [....192.168.1.2][.2814] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sib._udp.sip.cybercity.dk]
RISK: Malformed Packet
not-detected: [...195] [ip4][..udp] [192.168.170.170][43690] -> [170.170.170.170][43690] [Unknown][Unrated]
@@ -1468,7 +1468,7 @@
new: [...230] [ip4][..udp] [....192.168.1.2][.2815] -> [....192.168.1.1][...53]
detected: [...230] [ip4][..udp] [....192.168.1.2][.2815] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][]
RISK: Malformed Packet
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53]
detected: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][?sip._udp.shp.cybercity.dk]
new: [...232] [ip4][..udp] [....192.168.1.2][.5060] -> [.212.242.33.201][.5060]
@@ -1484,9 +1484,9 @@
detected: [...236] [ip4][..udp] [....192.168.1.2][30000] -> [..214.242.33.36][40392] [RTP][Media][Acceptable]
new: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392]
detected: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Media][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [2/16]
detection-update: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
idle: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
idle: [...199] [ip4][..udp] [....192.168.1.2][.2798] -> [....192.168.1.1][...53]
update: [...205] [ip4][....0] [....192.168.1.2] -> [..212.242.33.35]
@@ -1494,10 +1494,10 @@
detected: [...238] [ip4][..udp] [....192.168.1.2][.2822] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.1?7.in-addr.arpa]
new: [...239] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.234.33.35][.5060]
detected: [...239] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.234.33.35][.5060] [SIP][VoIP][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53]
detected: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
detection-update: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
detection-update: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
not-detected: [...149] [ip4][....0] [....192.168.1.2] -> [..192.168.1.255] [Unknown][Unrated]
@@ -1530,7 +1530,7 @@
new: [...241] [ip4][..udp] [....192.168.1.2][.2824] -> [....192.168.1.1][...53]
detected: [...241] [ip4][..udp] [....192.168.1.2][.2824] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa]
detection-update: [...241] [ip4][..udp] [....192.168.1.2][.2824] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...242] [ip4][..udp] [....192.168.1.2][.2825] -> [....192.168.1.1][...53]
detected: [...242] [ip4][..udp] [....192.168.1.2][.2825] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
detection-update: [...242] [ip4][..udp] [....192.168.1.2][.2825] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][]
@@ -1572,10 +1572,10 @@
detected: [...245] [ip4][..udp] [....192.168.1.2][.2827] -> [..192.168.1.114][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
new: [...246] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.168.1.1][...53]
detected: [...246] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercimy.v?]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [...247] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.170.1.1][...53]
detected: [...247] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.170.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cyberc?ty.dk]
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol [2/16]
not-detected: [...157] [ip4][...19] [....192.168.1.2] -> [....192.168.1.1] [Unknown][Unrated]
idle: [...157] [ip4][...19] [....192.168.1.2] -> [....192.168.1.1]
not-detected: [...117] [ip4][...37] [....192.168.1.1] -> [....192.168.1.2] [Unknown][Unrated]
@@ -1614,7 +1614,7 @@
update: [...220] [ip4][..udp] [....192.170.1.2][.2810] -> [....192.168.1.1][...53]
new: [...252] [ip4][..udp] [....192.168.1.2][.2829] -> [....192.168.1.1][...53]
detected: [...252] [ip4][..udp] [....192.168.1.2][.2829] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...253] [ip4][..udp] [...192.168.54.2][.2829] -> [....192.168.1.1][...53]
detected: [...253] [ip4][..udp] [...192.168.54.2][.2829] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][]
RISK: Malformed Packet
@@ -1658,7 +1658,7 @@
idle: [...222] [ip4][..udp] [....128.168.1.2][.2810] -> [....192.168.1.1][...53]
update: [...245] [ip4][..udp] [....192.168.1.2][.2827] -> [..192.168.1.114][...53]
update: [...246] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.168.1.1][...53]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...257] [ip4][..udp] [....192.168.1.2][.2832] -> [....192.168.1.1][...53]
detected: [...257] [ip4][..udp] [....192.168.1.2][.2832] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk]
guessed: [....26] [ip4][..tcp] [..147.234.1.253][...21] -> [......192.2.1.2][.2720] [FTP_CONTROL][Download][Unsafe]


@@ -1,21 +1,21 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [.....1] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2600] [MIDSTREAM]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [2/16]
new: [.....2] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2601]
detected: [.....2] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2601] [HTTP][Web][Acceptable][]
new: [.....3] [ip4][..tcp] [....172.20.3.13][...81] -> [.....172.20.3.5][.2601] [MIDSTREAM]
new: [.....4] [ip4][..tcp] [......0.20.3.13][...80] -> [.....172.20.3.5][.2601] [MIDSTREAM]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [3/16]
new: [.....5] [ip4][..tcp] [....172.20.3.13][53132] -> [.....172.20.3.5][...80]
new: [.....6] [ip4][..tcp] [.....172.20.3.1][...80] -> [....172.20.3.13][53132] [MIDSTREAM]
detected: [.....6] [ip4][..tcp] [.....172.20.3.1][...80] -> [....172.20.3.13][53132] [HTTP][Web][Acceptable][]
new: [.....7] [ip4][..tcp] [.....172.20.3.5][...80] -> [....172.57.3.13][53132] [MIDSTREAM]
new: [.....8] [ip4][..tcp] [......172.6.3.5][...80] -> [....172.20.3.13][53132] [MIDSTREAM]
new: [.....9] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.21.3.13][...80]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [4/16]
new: [....10] [ip4][..170] [170.170.170.170] -> [170.170.170.170]
new: [....11] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.20.3.13][...80] [MIDSTREAM]
detected: [....11] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable][172.20.3.13]
@@ -29,7 +29,7 @@
new: [....18] [ip4][..tcp] [.....172.20.3.5][.2604] -> [....172.20.3.13][...80]
detected: [....18] [ip4][..tcp] [.....172.20.3.5][.2604] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable][172.20.3.13]
RISK: HTTP Numeric IP Address
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [....19] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.68.5][.2604] [MIDSTREAM]
new: [....20] [ip4][..tcp] [.....172.20.3.5][.2605] -> [....172.20.3.13][...80]
detected: [....20] [ip4][..tcp] [.....172.20.3.5][.2605] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable][172.20.3.13]
@@ -38,14 +38,14 @@
new: [....22] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.76.5][65069] [MIDSTREAM]
new: [....23] [ip4][..tcp] [....172.20.3.13][...80] -> [......44.20.3.5][.2605] [MIDSTREAM]
detected: [....23] [ip4][..tcp] [....172.20.3.13][...80] -> [......44.20.3.5][.2605] [HTTP][Web][Acceptable][]
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol [2/16]
new: [....24] [ip4][..tcp] [170.170.170.170][43690] -> [170.170.170.170][43690]
new: [....25] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2639] [MIDSTREAM]
new: [....26] [ip4][..tcp] [....172.52.3.13][...80] -> [.....172.20.3.5][.2093] [MIDSTREAM]
new: [....27] [ip4][..tcp] [.....172.20.3.5][.2606] -> [....172.20.3.13][...80]
detected: [....27] [ip4][..tcp] [.....172.20.3.5][.2606] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable][172.20.3.13]
RISK: HTTP Numeric IP Address
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol [1/16]
new: [....28] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.72.5][.2606] [MIDSTREAM]
detected: [....28] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.72.5][.2606] [HTTP][Web][Acceptable][]
detection-update: [....27] [ip4][..tcp] [.....172.20.3.5][.2606] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable][172.20.3.13]
@@ -61,7 +61,7 @@
detected: [....34] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.20.3.5][...80] [HTTP][Web][Acceptable][]
new: [....35] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.70.3.5][...80] [MIDSTREAM]
new: [....36] [ip4][..tcp] [...172.20.67.13][53136] -> [.....172.20.3.5][...80] [MIDSTREAM]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [2/16]
new: [....37] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2608]
detected: [....37] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2608] [HTTP][Web][Acceptable][]
new: [....38] [ip4][..tcp] [....172.20.3.13][...80] -> [...172.20.148.5][.2608] [MIDSTREAM]


@@ -7,20 +7,20 @@
detected: [.....2] [ip4][..udp] [..198.226.25.53][.1812] -> [...10.102.64.30][29200] [Radius][Network][Acceptable]
new: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812]
detected: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [.....4] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1796]
idle: [.....2] [ip4][..udp] [..198.226.25.53][.1812] -> [...10.102.64.30][29200] [Radius][Network][Acceptable]
idle: [.....1] [ip4][..udp] [....10.12.64.30][29200] -> [..108.226.25.53][.1812] [Radius][Network][Acceptable]
update: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
new: [.....5] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1813]
detected: [.....5] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1813] [Radius][Network][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
update: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
update: [.....4] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1796]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: Unknown L3 protocol [4/16]
new: [.....6] [ip4][..udp] [..198.226.25.53][30764] -> [....10.12.64.30][12344]
DAEMON-EVENT: [Processed: 12 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3]
@@ -29,14 +29,14 @@
detected: [.....8] [ip4][..udp] [.....10.4.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
new: [.....9] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.12.64.30][29270]
detected: [.....9] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.12.64.30][29270] [Radius][Network][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
update: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
update: [.....5] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1813] [Radius][Network][Acceptable]
update: [.....6] [ip4][..udp] [..198.226.25.53][30764] -> [....10.12.64.30][12344]
update: [.....4] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1796]
new: [....10] [ip4][..udp] [..198.226.25.53][..309] -> [....10.12.64.30][12339]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
not-detected: [.....4] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1796] [Unknown][Unrated]
idle: [.....4] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1796]
update: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
@@ -56,7 +56,7 @@
new: [....11] [ip4][..udp] [170.170.170.170][43690] -> [170.170.170.170][43690]
new: [....12] [ip4][..udp] [..198.226.25.53][.1813] -> [....10.12.64.30][29264]
detected: [....12] [ip4][..udp] [..198.226.25.53][.1813] -> [....10.12.64.30][29264] [Radius][Network][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
idle: [.....8] [ip4][..udp] [.....10.4.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
not-detected: [....10] [ip4][..udp] [..198.226.25.53][..309] -> [....10.12.64.30][12339] [Unknown][Unrated]
idle: [....10] [ip4][..udp] [..198.226.25.53][..309] -> [....10.12.64.30][12339]
@@ -65,8 +65,8 @@
idle: [.....7] [ip4][..udp] [198.226.170.170][43690] -> [170.170.170.170][43690]
update: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
update: [.....5] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1813] [Radius][Network][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
idle: [.....5] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1813] [Radius][Network][Acceptable]
analyse: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
min| max| avg| stddev| variance| entropy
@@ -78,9 +78,9 @@
[IATS(ms)....: 155.2,452627.7,595.4,114837.3,612411.2,44261.5,205.2,4046.5,4037.8,201.9,4553.2,187.1,43562.4,202.6,48502.1,3244.5,3442.4,3335.8,3536.4,209.1,201.4,255983.2,256164.3,599.6,6263.0,492.5,7309.6,8000.5,8015.3,522.3,7260.9]
[PKTLENS.....: 683,243,225,304,225,731,165,683,165,683,192,731,683,731,683,192,165,683,731,165,683,192,731,225,711,731,711,304,731,225,711,731]
[ENTROPIES...: 6.0,2.8,6.3,6.9,6.4,5.6,6.0,6.1,6.0,0.9,6.1,6.0,6.1,2.9,4.1,6.1,6.0,6.0,6.1,6.0,5.0,6.1,6.1,6.4,6.0,6.1,5.5,6.8,6.1,6.5,5.8,4.2]
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol [1/16]
new: [....13] [ip4][..udp] [..198.162.25.53][.1810] -> [....10.12.64.30][29200]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
update: [....12] [ip4][..udp] [..198.226.25.53][.1813] -> [....10.12.64.30][29264] [Radius][Network][Acceptable]
update: [....11] [ip4][..udp] [170.170.170.170][43690] -> [170.170.170.170][43690]
new: [....14] [ip4][..udp] [..198.226.25.53][.1812] -> [....74.12.64.30][29200]
@@ -89,13 +89,13 @@
detected: [....15] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.77.53][.1812] [Radius][Network][Acceptable]
new: [....16] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.62][.1812]
detected: [....16] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.62][.1812] [Radius][Network][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
update: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
new: [....17] [ip4][...88] [..198.226.25.53] -> [....10.12.64.30]
new: [....18] [ip4][..254] [....10.12.64.30] -> [..198.226.25.53]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
update: [....13] [ip4][..udp] [..198.162.25.53][.1810] -> [....10.12.64.30][29200]
update: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
update: [....15] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.77.53][.1812] [Radius][Network][Acceptable]
@@ -103,14 +103,14 @@
update: [....14] [ip4][..udp] [..198.226.25.53][.1812] -> [....74.12.64.30][29200] [Radius][Network][Acceptable]
update: [....12] [ip4][..udp] [..198.226.25.53][.1813] -> [....10.12.64.30][29264] [Radius][Network][Acceptable]
update: [....11] [ip4][..udp] [170.170.170.170][43690] -> [170.170.170.170][43690]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [....19] [ip4][..udp] [..198.226.25.53][.1812] -> [...10.12.120.30][29200]
new: [....20] [ip4][..udp] [....10.12.64.30][29200] -> [..206.226.25.53][.1812]
detected: [....20] [ip4][..udp] [....10.12.64.30][29200] -> [..206.226.25.53][.1812] [Radius][Network][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [....21] [ip4][..udp] [..198.157.25.53][.1812] -> [....10.12.64.30][29200]
detected: [....21] [ip4][..udp] [..198.157.25.53][.1812] -> [....10.12.64.30][29200] [Radius][Network][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
not-detected: [....13] [ip4][..udp] [..198.162.25.53][.1810] -> [....10.12.64.30][29200] [Unknown][Unrated]
idle: [....13] [ip4][..udp] [..198.162.25.53][.1810] -> [....10.12.64.30][29200]
idle: [....12] [ip4][..udp] [..198.226.25.53][.1813] -> [....10.12.64.30][29264] [Radius][Network][Acceptable]
@@ -126,7 +126,7 @@
new: [....23] [ip4][...85] [..198.226.25.62] -> [....10.12.64.30]
new: [....24] [ip4][..udp] [..198.226.82.53][.1812] -> [....10.12.64.30][29200]
detected: [....24] [ip4][..udp] [..198.226.82.53][.1812] -> [....10.12.64.30][29200] [Radius][Network][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [....25] [ip4][..udp] [..198.226.25.53][.1895] -> [....10.12.64.30][29200]
new: [....26] [ip4][..udp] [....10.12.64.30][30224] -> [..198.226.25.53][.1812]
detected: [....26] [ip4][..udp] [....10.12.64.30][30224] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
@@ -141,14 +141,14 @@
DAEMON-EVENT: [Flows][active: 13 / 27|skipped: 0|!detected: 6|guessed: 0|detection-updates: 0|updates: 39]
new: [....28] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.28.64.30][29200]
detected: [....28] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.28.64.30][29200] [Radius][Network][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: Unknown packet type [3/16]
update: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
update: [....16] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.62][.1812] [Radius][Network][Acceptable]
update: [....19] [ip4][..udp] [..198.226.25.53][.1812] -> [...10.12.120.30][29200]
update: [....21] [ip4][..udp] [..198.157.25.53][.1812] -> [....10.12.64.30][29200] [Radius][Network][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16]
new: [....29] [ip4][..udp] [....10.12.64.30][29200] -> [..198.224.25.53][.1812]
detected: [....29] [ip4][..udp] [....10.12.64.30][29200] -> [..198.224.25.53][.1812] [Radius][Network][Acceptable]
update: [....24] [ip4][..udp] [..198.226.82.53][.1812] -> [....10.12.64.30][29200] [Radius][Network][Acceptable]
@@ -157,10 +157,10 @@
update: [....22] [ip4][..udp] [..198.230.25.62][.1812] -> [....10.12.64.30][29200] [Radius][Network][Acceptable]
update: [....26] [ip4][..udp] [....10.12.64.30][30224] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
update: [....27] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.56.64.30][.9472] [Radius][Network][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [....30] [ip4][..udp] [..198.226.25.53][.1812] -> [.....10.12.37.0][29200]
detected: [....30] [ip4][..udp] [..198.226.25.53][.1812] -> [.....10.12.37.0][29200] [Radius][Network][Acceptable]
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol [2/16]
new: [....31] [ip4][..udp] [...10.12.64.110][29200] -> [..198.226.25.53][.1812]
detected: [....31] [ip4][..udp] [...10.12.64.110][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
new: [....32] [ip4][..udp] [...72.226.25.53][.1812] -> [....10.12.64.30][29200]
@@ -178,8 +178,8 @@
update: [....26] [ip4][..udp] [....10.12.64.30][30224] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
update: [....29] [ip4][..udp] [....10.12.64.30][29200] -> [..198.224.25.53][.1812] [Radius][Network][Acceptable]
update: [....27] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.56.64.30][.9472] [Radius][Network][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
new: [....33] [ip4][..udp] [....10.12.64.30][29200] -> [...198.226.37.0][.1812]
detected: [....33] [ip4][..udp] [....10.12.64.30][29200] -> [...198.226.37.0][.1812] [Radius][Network][Acceptable]
idle: [....28] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.28.64.30][29200] [Radius][Network][Acceptable]
@@ -200,7 +200,7 @@
update: [....18] [ip4][..254] [....10.12.64.30] -> [..198.226.25.53]
new: [....34] [ip4][..112] [....10.12.64.30] -> [..198.226.25.53]
detected: [....34] [ip4][..112] [....10.12.64.30] -> [..198.226.25.53] [VRRP][Network][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
idle: [....31] [ip4][..udp] [...10.12.64.110][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
idle: [....30] [ip4][..udp] [..198.226.25.53][.1812] -> [.....10.12.37.0][29200] [Radius][Network][Acceptable]
idle: [....29] [ip4][..udp] [....10.12.64.30][29200] -> [..198.224.25.53][.1812] [Radius][Network][Acceptable]
@@ -214,7 +214,7 @@
detected: [....35] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.62][.1812] [Radius][Network][Acceptable]
new: [....36] [ip4][..udp] [.....37.0.25.62][.1812] -> [....10.12.64.30][29200]
detected: [....36] [ip4][..udp] [.....37.0.25.62][.1812] -> [....10.12.64.30][29200] [Radius][Network][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [....37] [ip4][..udp] [..198.226.25.62][.1812] -> [.....10.12.37.0][29200]
detected: [....37] [ip4][..udp] [..198.226.25.62][.1812] -> [.....10.12.37.0][29200] [Radius][Network][Acceptable]
new: [....38] [ip4][..udp] [..198.226.25.62][.1812] -> [....10.12.64.30][29295]
@@ -223,13 +223,13 @@
detected: [....39] [ip4][..udp] [....10.12.64.30][29304] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
new: [....40] [ip4][..170] [170.170.170.170] -> [170.170.170.170]
idle: [....33] [ip4][..udp] [....10.12.64.30][29200] -> [...198.226.37.0][.1812] [Radius][Network][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: Unknown L3 protocol [1/16]
new: [....41] [ip4][..udp] [..198.226.25.53][.1812] -> [..10.12.172.158][29200]
detected: [....41] [ip4][..udp] [..198.226.25.53][.1812] -> [..10.12.172.158][29200] [Radius][Network][Acceptable]
new: [....42] [ip4][..udp] [....10.12.64.30][29200] -> [..198.119.25.53][.1812]
new: [....43] [ip4][..udp] [..198.226.25.53][.1965] -> [....10.12.64.30][29200]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [2/16]
update: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
new: [....44] [ip4][....0] [....10.12.64.30] -> [..198.226.25.53]
new: [....45] [ip4][..udp] [..198.234.25.53][.1812] -> [....10.12.64.30][29200]
@@ -254,11 +254,11 @@
detected: [....48] [ip4][..udp] [..198.226.25.53][.1812] -> [...10.12.112.30][29200] [Radius][Network][Acceptable]
new: [....49] [ip4][..udp] [.....10.84.37.0][29200] -> [..198.226.25.53][.1812]
detected: [....49] [ip4][..udp] [.....10.84.37.0][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: Unknown L3 protocol [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: Unknown L3 protocol [4/16]
ERROR-EVENT: Unknown L3 protocol [1/16]
new: [....50] [ip4][..udp] [....10.12.64.37][29200] -> [....0.226.25.53][.1812]
detected: [....50] [ip4][..udp] [....10.12.64.37][29200] -> [....0.226.25.53][.1812] [Radius][Network][Acceptable]
new: [....51] [ip4][..udp] [....10.12.64.30][29200] -> [...198.48.25.53][.1812]
@@ -284,8 +284,8 @@
update: [....34] [ip4][..112] [....10.12.64.30] -> [..198.226.25.53] [VRRP][Network][Acceptable]
new: [....53] [ip4][..udp] [..198.226.25.53][.1813] -> [....10.12.64.30][29200]
detected: [....53] [ip4][..udp] [..198.226.25.53][.1813] -> [....10.12.64.30][29200] [Radius][Network][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown L3 protocol [2/16]
idle: [....37] [ip4][..udp] [..198.226.25.62][.1812] -> [.....10.12.37.0][29200] [Radius][Network][Acceptable]
idle: [....36] [ip4][..udp] [.....37.0.25.62][.1812] -> [....10.12.64.30][29200] [Radius][Network][Acceptable]
new: [....54] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.12.64.30][29204]
@@ -300,8 +300,8 @@
idle: [....23] [ip4][...85] [..198.226.25.62] -> [....10.12.64.30]
DAEMON-EVENT: [Processed: 200 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 15 / 54|skipped: 0|!detected: 10|guessed: 2|detection-updates: 0|updates: 98]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
idle: [....48] [ip4][..udp] [..198.226.25.53][.1812] -> [...10.12.112.30][29200] [Radius][Network][Acceptable]
idle: [....46] [ip4][..udp] [....10.76.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
idle: [....45] [ip4][..udp] [..198.234.25.53][.1812] -> [....10.12.64.30][29200] [Radius][Network][Acceptable]
@@ -341,18 +341,18 @@
detected: [....59] [ip4][..udp] [....88.12.80.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
new: [....60] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.62][.1812]
detected: [....60] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.62][.1812] [Radius][Network][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [....61] [ip4][..udp] [.....10.6.64.30][29200] -> [..198.226.25.53][.1812]
detected: [....61] [ip4][..udp] [.....10.6.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
new: [....62] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.82.64.30][29200]
detected: [....62] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.82.64.30][29200] [Radius][Network][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: Unknown packet type [3/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [....63] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.80.53][.1812]
detected: [....63] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.80.53][.1812] [Radius][Network][Acceptable]
new: [....64] [ip4][..udp] [..198.226.25.53][.3860] -> [....14.12.64.30][29200]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
update: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
update: [....57] [ip4][..udp] [....10.12.82.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
update: [....58] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.12.64.66][29200]
@@ -361,29 +361,29 @@
detected: [....65] [ip4][..udp] [.....198.7.9.53][.1812] -> [....10.12.64.30][29200] [Radius][Network][Acceptable]
new: [....66] [ip4][..udp] [....10.12.64.30][29232] -> [..198.226.25.53][.1812]
detected: [....66] [ip4][..udp] [....10.12.64.30][29232] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown L3 protocol [2/16]
new: [....67] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.81.64.30][29200]
detected: [....67] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.81.64.30][29200] [Radius][Network][Acceptable]
new: [....68] [ip4][..udp] [..198.226.25.53][43028] -> [....10.12.64.30][29200]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Unknown packet type
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: Unknown packet type [4/16]
update: [....60] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.62][.1812] [Radius][Network][Acceptable]
update: [....61] [ip4][..udp] [.....10.6.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
update: [....62] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.82.64.30][29200] [Radius][Network][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [5/16]
ERROR-EVENT: Unknown L3 protocol [6/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [....69] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.12.64.73][29200]
detected: [....69] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.12.64.73][29200] [Radius][Network][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16]
new: [....70] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.12.64.30][29208]
detected: [....70] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.12.64.30][29208] [Radius][Network][Acceptable]
new: [....71] [ip4][..udp] [....10.12.64.30][29289] -> [..198.226.25.53][.1812]
detected: [....71] [ip4][..udp] [....10.12.64.30][29289] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [5/16]
update: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
update: [....57] [ip4][..udp] [....10.12.82.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
update: [....58] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.12.64.66][29200]
@@ -401,7 +401,7 @@
update: [....65] [ip4][..udp] [.....198.7.9.53][.1812] -> [....10.12.64.30][29200] [Radius][Network][Acceptable]
update: [....67] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.81.64.30][29200] [Radius][Network][Acceptable]
update: [....62] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.82.64.30][29200] [Radius][Network][Acceptable]
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol [1/16]
idle: [....69] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.12.64.73][29200] [Radius][Network][Acceptable]
idle: [....63] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.80.53][.1812] [Radius][Network][Acceptable]
guessed: [....58] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.12.64.66][29200] [Radius][Network][Acceptable]
@@ -426,11 +426,11 @@
new: [....73] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812]
detected: [....73] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
new: [....74] [ip4][..udp] [..198.226.25.53][.1814] -> [....10.12.64.30][29200]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [....75] [ip4][..udp] [....57.12.64.30][29200] -> [..198.226.25.53][28948]
new: [....76] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.12.64.30][22544]
detected: [....76] [ip4][..udp] [..198.226.25.53][.1812] -> [....10.12.64.30][22544] [Radius][Network][Acceptable]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
DAEMON-EVENT: [Processed: 285 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 6 / 76|skipped: 0|!detected: 15|guessed: 3|detection-updates: 0|updates: 132]
new: [....77] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1813]
@@ -441,8 +441,8 @@
idle: [....40] [ip4][..170] [170.170.170.170] -> [170.170.170.170]
update: [....60] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.62][.1812] [Radius][Network][Acceptable]
new: [....79] [ip4][...37] [..198.226.25.53] -> [....10.12.64.30]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
idle: [....73] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Network][Acceptable]
idle: [....60] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.62][.1812] [Radius][Network][Acceptable]
idle: [....78] [ip4][..udp] [..198.226.25.53][.1813] -> [....10.12.64.30][21008] [Radius][Network][Acceptable]


@@ -1,6 +1,6 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: nDPI IPv4/L4 payload detection failed
ERROR-EVENT: Captured packet size is smaller than expected packet size [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
DAEMON-EVENT: shutdown


@@ -1,5 +1,5 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Unknown datalink layer packet
ERROR-EVENT: Unknown datalink layer packet [1/16]
DAEMON-EVENT: shutdown


@@ -1,5 +1,5 @@
DAEMON-EVENT: init
ERROR-EVENT: Packet too short
ERROR-EVENT: Packet too short [1/16]
new: [.....1] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ffa4:e108]
detected: [.....1] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ffa4:e108] [ICMPV6][Network][Acceptable]
new: [.....2] [ip6][icmp6] [..............fe80::c50d:519f:96a4:e108] -> [................................ff02::2]


@@ -1,5 +1,5 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
DAEMON-EVENT: shutdown

File diff suppressed because it is too large Load Diff


@@ -1,8 +1,8 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
DAEMON-EVENT: shutdown


@@ -1,15 +1,15 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: Unknown packet type [3/16]
ERROR-EVENT: Unknown packet type [4/16]
ERROR-EVENT: Unknown packet type [5/16]
ERROR-EVENT: Unknown packet type [6/16]
ERROR-EVENT: Unknown packet type [7/16]
ERROR-EVENT: Unknown packet type [8/16]
ERROR-EVENT: Unknown packet type [9/16]
ERROR-EVENT: Unknown packet type [10/16]
ERROR-EVENT: Unknown packet type [11/16]
DAEMON-EVENT: shutdown


@@ -1,20 +1,20 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size [1/16]
new: [.....1] [ip4][..udp] [.132.190.244.12][.2152] -> [.151.121.185.44][.2152]
detected: [.....1] [ip4][..udp] [.132.190.244.12][.2152] -> [.151.121.185.44][.2152] [GTP.GTP_U][Network][Acceptable]
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size [2/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [3/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [4/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [5/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [6/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [7/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [8/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [9/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [10/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [11/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [12/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [13/16]
idle: [.....1] [ip4][..udp] [.132.190.244.12][.2152] -> [.151.121.185.44][.2152] [GTP.GTP_U][Network][Acceptable]
DAEMON-EVENT: shutdown


@@ -4,8 +4,8 @@
new: [.....1] [ip4][..tcp] [...172.16.238.1][.1984] -> [..172.16.238.10][.8080]
detected: [.....1] [ip4][..tcp] [...172.16.238.1][.1984] -> [..172.16.238.10][.8080] [HTTP][Web][Acceptable][192.168.13.31]
RISK: Known Proto on Non Std Port, HTTP Numeric IP Address
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol [1/16]
ERROR-EVENT: Unknown L3 protocol [2/16]
new: [.....2] [ip4][..tcp] [..172.16.238.10][57650] -> [..172.16.238.11][.1389]
detected: [.....2] [ip4][..tcp] [..172.16.238.10][57650] -> [..172.16.238.11][.1389] [LDAP][System][Acceptable]
RISK: Known Proto on Non Std Port
@@ -15,8 +15,8 @@
detection-update: [.....3] [ip4][..tcp] [..172.16.238.10][48444] -> [..172.16.238.11][...80] [HTTP][Download][Acceptable][172.16.238.11]
RISK: Binary App Transfer, HTTP Numeric IP Address
new: [.....4] [ip4][..tcp] [..172.16.238.10][55408] -> [....10.10.10.31][.9001]
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol
ERROR-EVENT: Unknown L3 protocol [3/16]
ERROR-EVENT: Unknown L3 protocol [4/16]
analyse: [.....4] [ip4][..tcp] [..172.16.238.10][55408] -> [....10.10.10.31][.9001]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 7.289| 0.474| 1.790| 3202664.366| 1.100]


@@ -1,17 +1,17 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size [1/16]
new: [.....1] [ip4][..udp] [...145.76.2.236][.2152] -> [...187.96.52.85][.2152]
detected: [.....1] [ip4][..udp] [...145.76.2.236][.2152] -> [...187.96.52.85][.2152] [GTP.GTP_U][Network][Acceptable]
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size [2/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [3/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [4/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [5/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [6/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [7/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [8/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [9/16]
analyse: [.....1] [ip4][..udp] [...145.76.2.236][.2152] -> [...187.96.52.85][.2152] [GTP.GTP_U][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.859| 0.305| 0.564| 318078.976| 3.100]
@@ -22,24 +22,12 @@
[IATS(ms)....: 396.0,83.8,1376.2,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.1,0.1,1859.1,964.9,439.7,439.7,0.1,0.0,0.0,0.0,0.0,0.1,163.9,20.1,1615.4,1799.0,0.1,0.0,155.8,155.6,0.1]
[PKTLENS.....: 92,92,92,1476,1476,1476,1476,1476,1476,1476,1476,1476,1476,100,1476,100,1476,1476,1476,1476,1372,1476,1476,108,108,100,76,388,1164,100,76,388]
[ENTROPIES...: 5.4,5.4,5.4,7.9,7.8,7.8,7.9,7.8,7.8,7.8,7.8,7.8,7.8,5.4,7.8,5.4,7.8,7.9,7.8,7.9,7.8,7.9,7.8,5.5,5.5,5.4,5.2,7.3,7.8,5.5,5.2,7.4]
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size [10/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [11/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [12/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [13/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [14/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [15/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [16/16]
idle: [.....1] [ip4][..udp] [...145.76.2.236][.2152] -> [...187.96.52.85][.2152] [GTP.GTP_U][Network][Acceptable]
DAEMON-EVENT: shutdown
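Review bot: After `ERROR-EVENT: Captured packet size is smaller than expected packet size [16/16]` the expected output goes straight to the `idle:` line, although the old side of the `-22,24` hunk listed 19 error events at that point, so 12 events are dropped and nothing in the stream records that suppression happened or how many events it covered. A consumer can only infer it from the counter reaching its maximum, which means an early burst of malformed packets inside one threshold window leaves later errors in that window invisible to downstream monitoring. Consider emitting one summary event when the window closes or the counter resets and pinning it in this fixture, for example a line of the form `ERROR-EVENT: <N> error events suppressed [16/16]` (constructed wording). The code in nDPId.c that emits these events is outside this view, so whether a suppressed-event counter is already kept there cannot be confirmed from here.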


@@ -3,7 +3,7 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [..172.31.78.129][.9039] -> [..172.29.43.201][..514] [MIDSTREAM]
detected: [.....1] [ip4][..tcp] [..172.31.78.129][.9039] -> [..172.29.43.201][..514] [Syslog][System][Acceptable]
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size
ERROR-EVENT: Captured packet size is smaller than expected packet size [1/16]
ERROR-EVENT: Captured packet size is smaller than expected packet size [2/16]
idle: [.....1] [ip4][..tcp] [..172.31.78.129][.9039] -> [..172.29.43.201][..514] [Syslog][System][Acceptable]
DAEMON-EVENT: shutdown


@@ -306,7 +306,7 @@
detected: [...144] [ip4][..udp] [...192.168.1.34][13021] -> [..157.55.56.161][40031] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable]
new: [...145] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.235.148][40033]
detected: [...145] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.235.148][40033] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [...146] [ip4][..tcp] [...192.168.1.34][51255] -> [.157.55.130.142][40005]
new: [...147] [ip4][..tcp] [...192.168.1.34][51256] -> [.111.221.77.142][40013]
new: [...148] [ip4][..tcp] [...192.168.1.34][51257] -> [.157.55.235.170][40032]


@@ -1,10 +1,10 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Unknown datalink layer packet
ERROR-EVENT: Unknown datalink layer packet
ERROR-EVENT: Unknown datalink layer packet
ERROR-EVENT: Unknown datalink layer packet
ERROR-EVENT: Unknown datalink layer packet
ERROR-EVENT: Unknown datalink layer packet
ERROR-EVENT: Unknown datalink layer packet [1/16]
ERROR-EVENT: Unknown datalink layer packet [2/16]
ERROR-EVENT: Unknown datalink layer packet [3/16]
ERROR-EVENT: Unknown datalink layer packet [4/16]
ERROR-EVENT: Unknown datalink layer packet [5/16]
ERROR-EVENT: Unknown datalink layer packet [6/16]
DAEMON-EVENT: shutdown


@@ -26,7 +26,7 @@
detection-update: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][110.212.58.216.in-addr.arpa]
new: [....10] [ip4][..tcp] [..192.168.1.100][.3427] -> [.80.239.208.193][.1119] [MIDSTREAM]
new: [....11] [ip4][..tcp] [..192.168.1.100][.2759] -> [.64.233.184.188][.5228] [MIDSTREAM]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [....12] [ip4][..udp] [..192.168.1.254][38605] -> [239.255.255.250][.1900]
detected: [....12] [ip4][..udp] [..192.168.1.254][38605] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900]
new: [....13] [ip4][..tcp] [..192.168.1.100][.3506] -> [173.194.113.224][...80]


@@ -1,6 +1,6 @@
DAEMON-EVENT: init
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [...172.20.51.54][..514] -> [..172.31.110.40][..514]
@@ -81,10 +81,10 @@
RISK: Known Proto on Non Std Port
DAEMON-EVENT: [Processed: 82 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 17|skipped: 0|!detected: 2|guessed: 0|detection-updates: 0|updates: 10]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: Unknown packet type [3/16]
ERROR-EVENT: Unknown packet type [4/16]
DAEMON-EVENT: [Processed: 82 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 17|skipped: 0|!detected: 2|guessed: 0|detection-updates: 0|updates: 10]
new: [....18] [ip4][..udp] [...10.94.232.21][57374] -> [...10.94.150.21][..514]


@@ -3,13 +3,13 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67]
detected: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][tl-sg116e]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [.....2] [ip4][..tcp] [....192.168.1.6][58533] -> [.149.154.167.91][..443] [MIDSTREAM]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: Unknown packet type [3/16]
ERROR-EVENT: Unknown packet type [4/16]
ERROR-EVENT: Unknown packet type [5/16]
ERROR-EVENT: Unknown packet type [6/16]
new: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53]
detected: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
detection-update: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
@@ -32,7 +32,7 @@
detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][teams.microsoft.com]
detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [7/16]
new: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443]
detected: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
detection-update: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
@@ -75,33 +75,33 @@
[PKTLENS.....: 64,52,40,254,46,1492,1492,40,1492,40,1492,257,40,198,46,133,366,109,40,40,78,1480,1047,124,46,78,40,46,46,46,1492,1055]
[ENTROPIES...: 4.4,4.9,4.6,5.5,4.5,7.3,7.4,4.7,7.5,4.6,7.6,7.1,4.7,6.5,4.5,6.1,7.2,5.9,4.7,4.6,5.1,7.9,7.8,6.1,4.5,5.4,4.6,4.6,4.6,4.5,7.8,7.8]
detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][teams.microsoft.com]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [8/16]
ERROR-EVENT: Unknown packet type [9/16]
new: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443]
detected: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [10/16]
new: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53]
detected: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe][b._dns-sd._udp.ntop.org]
new: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500]
detected: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] [Dropbox][Cloud][Acceptable]
new: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500]
detected: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Cloud][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [11/16]
ERROR-EVENT: Unknown packet type [12/16]
detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe][b._dns-sd._udp.ntop.org]
new: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
detected: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][]
new: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [MIDSTREAM]
detected: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Web][Safe]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [13/16]
new: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53]
detected: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS][ConnCheck][Acceptable][captive.apple.com.edgekey.net]
detection-update: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS][ConnCheck][Acceptable][captive.apple.com.edgekey.net]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [14/16]
ERROR-EVENT: Unknown packet type [15/16]
new: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53]
detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][VoIP][Safe][eu-api.asm.skype.com]
new: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53]
@@ -137,7 +137,7 @@
detection-update: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Collaborative][Safe][northeurope.notifications.teams.microsoft.com]
detection-update: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [16/16]
new: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53]
detected: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Web][Safe][presence.services.sfb.trafficmanager.net]
detection-update: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Web][Safe][presence.services.sfb.trafficmanager.net]
@@ -181,7 +181,6 @@
new: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443]
detected: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type
detection-update: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Collaborative][Safe]
@@ -194,7 +193,6 @@
[IATS(ms)....: 34.2,34.3,0.3,36.9,0.0,36.6,0.0,0.2,0.2,0.1,0.0,0.1,1.0,12.0,0.3,36.0,22.7,0.2,0.2,0.1,10.4,10.3,0.6,0.6,77.1,91.7,0.0,49.1,80.4,115.1,0.2]
[PKTLENS.....: 64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139]
[ENTROPIES...: 4.3,5.1,4.7,5.5,7.4,7.3,4.8,4.8,7.5,4.7,7.6,7.4,4.8,6.3,6.2,7.5,5.6,4.9,6.0,4.9,5.4,5.5,4.8,7.4,4.9,5.1,7.8,7.0,5.0,6.8,4.7,7.8]
ERROR-EVENT: Unknown packet type
new: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53]
detected: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Collaborative][Acceptable][substrate.office.com]
detection-update: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Collaborative][Acceptable][substrate.office.com]
@@ -212,7 +210,6 @@
[PKTLENS.....: 64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]
[ENTROPIES...: 4.4,5.0,4.6,5.5,4.5,7.3,7.5,4.6,7.5,4.6,7.7,6.8,4.7,6.5,4.5,7.2,6.0,4.6,4.6,6.2,5.2,7.6,4.4,5.4,4.6,4.5,4.5,7.5,4.7,7.2,4.5,7.3]
detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][config.teams.microsoft.com]
ERROR-EVENT: Unknown packet type
analyse: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.540| 0.024| 0.095| 8949.939| 1.900]
@@ -264,7 +261,6 @@
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type
detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443]
@@ -279,7 +275,6 @@
[ENTROPIES...: 4.4,4.9,4.5,5.5,4.4,7.3,7.5,4.6,7.5,4.5,7.7,6.7,4.6,6.5,4.5,5.7,4.5,5.6,4.6,7.8,4.6,7.9,7.9,4.6,7.9,4.6,7.9,7.9,4.6,4.5,7.9,7.9]
detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][config.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type
new: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443]
detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
@@ -300,7 +295,6 @@
[IATS(ms)....: 48.6,48.7,0.3,51.0,0.1,50.7,0.0,0.3,0.3,1.7,49.8,48.1,1.4,0.0,0.0,50.5,49.1,0.0,0.0,0.0,37.2,37.2,0.0,11.5,11.5,1.0,36.0,16.0,53.0,0.7,0.1]
[PKTLENS.....: 64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52]
[ENTROPIES...: 4.4,5.3,4.9,6.0,7.3,7.3,5.1,4.9,7.6,5.0,5.9,5.7,5.0,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.8,7.9,5.1,7.8,5.1,5.2,7.6,5.1,5.3,5.0]
ERROR-EVENT: Unknown packet type
new: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621]
detected: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] [Spotify][Music][Acceptable]
new: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443]
@@ -311,13 +305,11 @@
RISK: TLS (probably) Not Carrying HTTPS
new: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53]
detected: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][api.microsoftstream.com]
ERROR-EVENT: Unknown packet type
detection-update: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][api.microsoftstream.com]
new: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443]
detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Azure][Cloud][Acceptable][api.microsoftstream.com]
detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type
analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Azure][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.126| 0.019| 0.032| 1006.354| 3.400]
@@ -345,10 +337,6 @@
detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Azure][Cloud][Acceptable][euno-1.api.microsoftstream.com]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
new: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53]
detected: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Cloud][Safe][dc.applicationinsights.microsoft.com]
detection-update: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Cloud][Safe][dc.applicationinsights.microsoft.com]
@@ -361,7 +349,6 @@
new: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443]
detected: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Collaborative][Safe][emea.ng.msg.teams.microsoft.com]
detection-update: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Collaborative][Safe][emea.ng.msg.teams.microsoft.com]
ERROR-EVENT: Unknown packet type
analyse: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Collaborative][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.277| 0.019| 0.049| 2449.644| 2.900]
@@ -372,7 +359,6 @@
[IATS(ms)....: 19.2,19.3,0.2,22.0,0.0,21.8,0.0,0.2,0.2,0.2,0.0,0.2,1.1,12.3,0.3,19.9,0.0,6.3,0.0,0.6,12.0,11.4,1.5,1.4,55.0,62.1,0.0,25.5,0.0,18.4,276.9]
[PKTLENS.....: 64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335]
[ENTROPIES...: 4.4,5.3,4.9,5.6,7.1,7.3,5.0,5.0,7.5,4.9,7.6,7.5,4.9,6.3,6.3,7.6,5.6,5.9,5.0,4.9,5.4,5.7,5.0,7.5,5.0,5.2,7.8,6.2,5.2,5.6,5.0,7.8]
ERROR-EVENT: Unknown packet type
analyse: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Collaborative][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 8.978| 0.329| 1.582| 2503841.415| 0.800]
@@ -384,13 +370,11 @@
[PKTLENS.....: 64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78]
[ENTROPIES...: 4.3,4.9,4.6,5.6,7.4,7.3,4.7,4.6,4.6,7.5,7.6,7.1,4.7,4.6,6.5,6.1,7.6,5.4,4.6,5.9,4.6,5.2,4.5,7.4,4.7,4.5,7.8,4.6,7.4,7.5,5.6,5.5]
new: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [MIDSTREAM]
ERROR-EVENT: Unknown packet type
new: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434]
detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe][dati.ntop.org]
RISK: Known Proto on Non Std Port
detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe][dati.ntop.org]
RISK: Known Proto on Non Std Port
ERROR-EVENT: Unknown packet type
new: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478]
new: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478]
detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Teams][VoIP][Safe][]
@@ -407,7 +391,6 @@
detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Teams][VoIP][Safe][]
detection-update: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Collaborative][Safe][euaz.tr.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type
new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478]
detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Teams][VoIP][Safe][]
detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Collaborative][Safe][euaz.tr.teams.microsoft.com]
@@ -436,7 +419,6 @@
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Collaborative][Safe][api.flightproxy.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type
new: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005]
detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Teams][VoIP][Safe][]
RISK: Known Proto on Non Std Port
@@ -449,7 +431,6 @@
new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036]
detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
ERROR-EVENT: Unknown packet type
new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036]
detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
@@ -466,13 +447,9 @@
[IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9]
[PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]
[ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443]
detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Azure][Cloud][Acceptable][gate.hockeyapp.net]
detection-update: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Azure][Cloud][Acceptable][gate.hockeyapp.net]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6]
detected: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Network][Acceptable]
analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][VoIP][Acceptable]


@@ -15,9 +15,9 @@
RISK: Obsolete TLS (v1.1 or older)
DAEMON-EVENT: [Processed: 9 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: Unknown packet type [3/16]
guessed: [.....2] [ip4][..tcp] [...74.80.160.99][.3258] -> [...67.217.77.28][..443] [TLS.GoTo][VoIP][Acceptable]
idle: [.....2] [ip4][..tcp] [...74.80.160.99][.3258] -> [...67.217.77.28][..443]
DAEMON-EVENT: shutdown


@@ -1,49 +1,42 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: Unknown packet type [3/16]
new: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443]
detected: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Web][Safe][www.ct7ctrgb6cr7.com]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Web][Safe][www.ct7ctrgb6cr7.com]
RISK: Obsolete TLS (v1.1 or older)
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [4/16]
new: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443]
detected: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][VPN][Potentially Dangerous][www.e6r5p57kbafwrxj3plz.com]
RISK: Obsolete TLS (v1.1 or older), Suspicious DGA Domain name, Unsafe Protocol
detection-update: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][VPN][Potentially Dangerous][www.e6r5p57kbafwrxj3plz.com]
RISK: Obsolete TLS (v1.1 or older), Suspicious DGA Domain name, Unsafe Protocol
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [5/16]
new: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443]
detected: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][VPN][Potentially Dangerous][www.q4cyamnc6mtokjurvdclt.com]
RISK: Obsolete TLS (v1.1 or older), Suspicious DGA Domain name, Unsafe Protocol
detection-update: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][VPN][Potentially Dangerous][www.q4cyamnc6mtokjurvdclt.com]
RISK: Obsolete TLS (v1.1 or older), Suspicious DGA Domain name, Unsafe Protocol
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [6/16]
ERROR-EVENT: Unknown packet type [7/16]
new: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500]
detected: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Cloud][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [8/16]
ERROR-EVENT: Unknown packet type [9/16]
ERROR-EVENT: Unknown packet type [10/16]
ERROR-EVENT: Unknown packet type [11/16]
ERROR-EVENT: Unknown packet type [12/16]
ERROR-EVENT: Unknown packet type [13/16]
ERROR-EVENT: Unknown packet type [14/16]
ERROR-EVENT: Unknown packet type [15/16]
ERROR-EVENT: Unknown packet type [16/16]
new: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138]
detected: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous][endian-pc]
RISK: Unsafe Protocol
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
analyse: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][VPN][Potentially Dangerous]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 31.166| 2.329| 7.550| 56997495.964| 1.900]
@@ -64,45 +57,10 @@
[IATS(ms)....: 71.0,71.3,6.7,104.3,10.8,112.6,88.6,84.6,73.7,0.1,73.7,0.8,108.4,107.7,67.8,2.3,74.6,103.6,101.8,113.4,368.7,686.5,37720.4,37995.8,68.2,67.5,104.0,189.0,360.8,68.7,0.2]
[PKTLENS.....: 52,52,46,255,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,626,626,40,626,46,626,40,626,40,626,1500,46,1500,1500]
[ENTROPIES...: 4.5,4.9,4.5,5.4,4.9,7.4,6.6,6.0,6.1,7.9,6.5,4.5,7.7,4.9,7.6,4.9,7.6,7.6,7.7,7.7,4.8,7.7,4.4,7.7,4.9,7.7,4.9,7.7,7.9,4.5,7.9,7.9]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
update: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Cloud][Acceptable]
ERROR-EVENT: Unknown packet type
new: [.....6] [ip4][..tcp] [..192.168.1.252][51104] -> [...157.56.30.46][..443] [MIDSTREAM]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
update: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous]
RISK: Unsafe Protocol
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
analyse: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][VPN][Potentially Dangerous]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 71.328| 4.658| 14.789| 218716025.389| 1.800]
@@ -113,15 +71,9 @@
[IATS(ms)....: 73.4,74.4,0.4,74.1,3.2,80.2,86.1,83.2,77.3,0.1,76.2,0.8,117.2,116.3,75.2,24.0,101.9,114.5,465.6,429.3,3.5,80.8,117.0,388.8,507.3,75.9,393.9,666.2,34353.1,34399.0,71328.4]
[PKTLENS.....: 52,52,46,262,40,789,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,40,626,626,40,626,626,40,626,46,626,46,46]
[ENTROPIES...: 4.5,4.9,4.4,5.5,4.7,7.3,6.7,5.9,6.2,7.9,6.5,4.4,7.6,4.8,7.6,4.8,7.7,7.7,4.8,7.7,4.8,7.6,7.7,4.8,7.7,7.7,4.8,7.6,4.5,7.6,4.3,4.5]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: Unknown packet type [3/16]
new: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443]
new: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443]
detected: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Web][Safe][www.t3i3ru.com]
@@ -132,7 +84,7 @@
RISK: Obsolete TLS (v1.1 or older)
detection-update: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][VPN][Potentially Dangerous][www.gfu7hbxpfp.com]
RISK: Obsolete TLS (v1.1 or older), Suspicious DGA Domain name, Unsafe Protocol
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [4/16]
new: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443]
detected: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Web][Safe][www.jmts2id.com]
RISK: Obsolete TLS (v1.1 or older)
@@ -148,7 +100,7 @@
[IATS(ms)....: 64.4,65.8,9.5,82.1,4.2,79.8,91.0,88.4,79.6,0.1,78.2,0.9,110.0,109.4,69.1,1.5,80.2,113.6,35.7,145.8,70.8,343.7,637.5,693.9,990.9,1.6,72.0,109.0,69.0,180.1,69.9]
[PKTLENS.....: 52,52,46,253,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40]
[ENTROPIES...: 4.5,4.9,4.4,5.4,4.8,7.4,6.7,5.9,6.1,7.8,6.6,4.4,7.7,4.8,7.7,4.7,7.7,7.6,4.7,7.6,7.6,4.7,7.7,4.4,7.7,4.8,7.6,7.7,4.8,7.7,7.7,4.7]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [5/16]
analyse: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.755| 0.186| 0.164| 26767.544| 4.500]
@@ -170,83 +122,28 @@
end: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][VPN][Potentially Dangerous]
RISK: Obsolete TLS (v1.1 or older), Suspicious DGA Domain name, Unsafe Protocol
update: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Cloud][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [6/16]
ERROR-EVENT: Unknown packet type [7/16]
ERROR-EVENT: Unknown packet type [8/16]
ERROR-EVENT: Unknown packet type [9/16]
ERROR-EVENT: Unknown packet type [10/16]
ERROR-EVENT: Unknown packet type [11/16]
ERROR-EVENT: Unknown packet type [12/16]
ERROR-EVENT: Unknown packet type [13/16]
ERROR-EVENT: Unknown packet type [14/16]
ERROR-EVENT: Unknown packet type [15/16]
ERROR-EVENT: Unknown packet type [16/16]
update: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Cloud][Acceptable]
ERROR-EVENT: Unknown packet type
new: [....10] [ip4][..tcp] [..192.168.1.252][51185] -> [.62.210.137.230][..443]
detected: [....10] [ip4][..tcp] [..192.168.1.252][51185] -> [.62.210.137.230][..443] [TLS][Web][Safe][www.6gyip7tqim7sieb.com]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....10] [ip4][..tcp] [..192.168.1.252][51185] -> [.62.210.137.230][..443] [TLS][Web][Safe][www.6gyip7tqim7sieb.com]
RISK: Obsolete TLS (v1.1 or older)
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
new: [....11] [ip6][..udp] [..............fe80::c583:1972:5728:7323][..546] -> [..............................ff02::1:2][..547]
detected: [....11] [ip6][..udp] [..............fe80::c583:1972:5728:7323][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Network][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
update: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Cloud][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
DAEMON-EVENT: [Processed: 3664 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 6 / 11|skipped: 0|!detected: 0|guessed: 1|detection-updates: 7|updates: 5]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
analyse: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 72.890| 8.727| 22.569| 509351076.823| 2.100]
@@ -257,13 +154,7 @@
[IATS(ms)....: 59.4,61.6,13.8,72.1,2.1,62.9,63.5,60.0,79.4,0.3,78.8,1.7,98.3,96.6,56.5,4.5,61.8,64.9,64.0,73.7,275.7,252.8,50.8,9.7,261.4,61538.3,61491.4,72591.4,72890.0,4.0,98.0]
[PKTLENS.....: 52,52,46,249,40,783,174,99,114,1500,126,46,626,40,626,40,626,626,626,626,626,46,626,52,626,46,626,46,46,40,40,46]
[ENTROPIES...: 4.5,4.9,4.4,5.3,4.8,7.4,6.7,6.0,6.2,7.9,6.5,4.4,7.7,4.8,7.6,4.9,7.7,7.7,7.6,7.7,7.6,4.5,7.7,4.9,7.6,4.5,7.7,4.5,4.5,4.7,4.7,4.5]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
update: [....11] [ip6][..udp] [..............fe80::c583:1972:5728:7323][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Network][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type
end: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][VPN][Potentially Dangerous]
RISK: Obsolete TLS (v1.1 or older), Suspicious DGA Domain name, Unsafe Protocol
idle: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Cloud][Acceptable]
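Review bot: Nothing in this baseline marks where error events start being dropped. After `ERROR-EVENT: Unknown packet type [16/16]` the remaining events simply disappear (the `@@ -64,45 +57,10 @@` hunk drops 35 of them), and the counter silently restarts at `[1/16]` in the `@@ -113,15 +71,9 @@` hunk. A consumer that alerts on or counts error events therefore cannot tell a quiet interval from a suppressed one, so a burst large enough to hit the threshold leaves a gap in the record. Consider emitting one summary event when the window rolls over that carries the number of suppressed events, for example a proposed (not existing) field such as `"threshold_suppressed": <count>`, and printing it in this output. The emitting code in nDPId.c is outside this view, so this is inferred from the test baseline only.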


@@ -11,7 +11,7 @@
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
detection-update: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe][dati.ntop.org]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [1/16]
new: [.....4] [ip4][..tcp] [..192.168.1.117][54341] -> [.62.149.152.153][..993] [MIDSTREAM]
detected: [.....4] [ip4][..tcp] [..192.168.1.117][54341] -> [.62.149.152.153][..993] [IMAPS][Email][Safe]
new: [.....5] [ip4][..udp] [..192.168.1.117][57025] -> [239.255.255.250][.1900]
@@ -43,7 +43,7 @@
detected: [....16] [ip4][..tcp] [..192.168.1.117][53872] -> [..35.186.224.53][..443] [TLS.GoogleCloud][Cloud][Acceptable]
new: [....17] [ip4][.icmp] [..192.168.1.117] -> [..162.255.38.14]
detected: [....17] [ip4][.icmp] [..192.168.1.117] -> [..162.255.38.14] [ICMP][Network][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [2/16]
new: [....18] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67]
detected: [....18] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][tl-sg116e]
new: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443]
@@ -126,7 +126,7 @@
[ENTROPIES...: 4.4,5.3,5.0,4.3,5.2,7.1,7.3,7.3,5.0,5.1,7.6,5.6,5.1,6.6,7.1,5.1,6.9,6.3,5.1,7.9,7.6,5.1,5.9,5.1,7.9,5.1,7.9,6.6,5.1,5.8,6.9,7.0]
new: [....31] [ip4][..udp] [..192.168.1.117][58327] -> [..109.94.160.99][.8801]
detected: [....31] [ip4][..udp] [..192.168.1.117][58327] -> [..109.94.160.99][.8801] [Zoom][Video][Acceptable]
ERROR-EVENT: Unknown packet type
ERROR-EVENT: Unknown packet type [3/16]
new: [....32] [ip4][..udp] [..192.168.1.117][60620] -> [..109.94.160.99][.8801]
detected: [....32] [ip4][..udp] [..192.168.1.117][60620] -> [..109.94.160.99][.8801] [Zoom][Video][Acceptable]
analyse: [....31] [ip4][..udp] [..192.168.1.117][58327] -> [..109.94.160.99][.8801] [Zoom][Video][Acceptable]


@@ -23,7 +23,7 @@
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469556827530,"flow_src_last_pkt_time":1120469556827530,"flow_dst_last_pkt_time":1120469556827530,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469556827530,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1120469556827530,"flow_dst_last_pkt_time":1120469556827530,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469556827530,"pkt":"ADBUADRWAODtAW69CABFAABIaZMAAIARTb7AqAFuwKgBAQqZADUANN1ZTNIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5JXMAJXMAAAE="}
01111{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469556827530,"flow_src_last_pkt_time":1120469556827530,"flow_dst_last_pkt_time":1120469556827530,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469556827530,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":12,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":27904,"global_ts_usec":1120469558830554}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469558830554,"packet_id":12,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":27904,"global_ts_usec":1120469558830554}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":27904,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120469556827530,"pkt":"ADBUADRWAODtAW69bQBFAABIaZQAAIARTb3QqAECwKgBAQqZADUANN1ZTNIBAAABAAAAAAAABF9zaXAMX3VkcINzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469560833324,"flow_src_last_pkt_time":1120469560833324,"flow_dst_last_pkt_time":1120469560833324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469560833324,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2597,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1120469560833324,"flow_dst_last_pkt_time":1120469560833324,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469560833324,"pkt":"ADBUADRWAODtAW69CABFAABIaZUAAIARTbzAqAECwKgBAQolcwAANN9ZTE4BAAABACVzAAAABF9zaXAEX1VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -45,11 +45,11 @@
01014{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469573246062,"flow_src_last_pkt_time":1120469573246062,"flow_dst_last_pkt_time":1120469573246062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469573246062,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":32,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1120469574242837,"flow_dst_last_pkt_time":1120469573246062,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469574242837,"pkt":"ADBUADRWAODtAW69CABFAABIaZoAAIARTbfAqAECwKgBAQqbADUANPFWONMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01022{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120469573246062,"flow_src_last_pkt_time":1120469574242837,"flow_dst_last_pkt_time":1120469573246062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469574242837,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":23,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120469576245476}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469576245476,"packet_id":23,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120469576245476}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":23,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120469574242837,"pkt":"ADCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1120469578248603,"flow_dst_last_pkt_time":1120469573246062,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469578248603,"pkt":"ADBUADRWAODtAW69CABFAABIaZwAAIARTbXAqAECwKgBAQqbADUANPFWONMBAAABAAAAAABJBF9zaXAEX3VkcANzaXAJY3liZXLyaXR5AmRrAAAhAAE="}
01023{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120469573246062,"flow_src_last_pkt_time":1120469578248603,"flow_dst_last_pkt_time":1120469573246062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469578248603,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyber?ity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":25,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120469582254242}
00318{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469582254242,"packet_id":25,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120469582254242}
00401{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120469578248603,"pkt":"ADBUADRWAODtAW69CABFAAB2aZ0AAIARTbTAqAECwKgBAQqbADUANPFWONMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5TWRrAAAhAAE="}
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1120469589080368,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120469589080368,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaZ4AAIARTK\/AqAECwKgB\/wCJAIkAOluxhOoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469590256418,"flow_src_last_pkt_time":1120469590256418,"flow_dst_last_pkt_time":1120469590256418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469590256418,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -57,7 +57,7 @@
01010{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469590256418,"flow_src_last_pkt_time":1120469590256418,"flow_dst_last_pkt_time":1120469590256418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469590256418,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469590257920,"flow_src_last_pkt_time":1120469590257920,"flow_dst_last_pkt_time":1120469590257920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469590257920,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":9587,"dst_port":156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1120469590257920,"flow_dst_last_pkt_time":1120469590257920,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":65,"thread_ts_usec":1120469590257920,"pkt":"AODtAW69ADBUADRWCABFAABVAABAAEARtz7AqAEBwKgBAiVzAJwAx1zLqtOAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":30,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":10240,"global_ts_usec":1120469590259876}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469590259876,"packet_id":30,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":10240,"global_ts_usec":1120469590259876}
01252{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":722,"pkt_type":10240,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":722,"pkt_l4_len":0,"thread_ts_usec":1120469590257920,"pkt":"ADBUADRWAODtAW69KABFAALEaaEAAIARFsjAqAEC1PIhIxPEE8QCsIioUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhVyBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFsY2g9ejloRzRiS25wMTQ5NTA1MTc4LTQzOGM1MjhiMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPThlOTQ4YjANClRvOiA8c2lwOnZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2M0AxOTIuMTY4PjEuMjo1MDYwO2xpbmU8OWM3ZDJkYmQ4ODIyMDHhYz47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDY5IFJFR0lTVEVSDQpDb250ZW50LUxlbmd0aDogMA0KQXV0aG9yaXphdGlvbjogRGlnZXMlcwBzZXJuYW1lPSJ2b2mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469590405967,"flow_src_last_pkt_time":1120469590405967,"flow_dst_last_pkt_time":1120469590405967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":306,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":306,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":306,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469590405967,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00917{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1120469590405967,"flow_dst_last_pkt_time":1120469590405967,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":348,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":348,"pkt_l4_len":314,"thread_ts_usec":1120469590405967,"pkt":"AODtAW69ADBUADRWCABFAAFOAABAADcRit\/Q8iEjwKgBAhPEE8QBOln2U0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDQ2VxOiA2OSBSRUdJU1RFUg0KRnJvbTogPHNpcEZ2b2kxODA2M0DzaXAuY3liZXJjaXR5LmRrPjt0YWc9OGU5NDhiMA0KVG86IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz4NClacYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7cmVjZWl2ZWQ9ODAuMjMwLjIxOS43MDtycG9ydD01MDYwO2JyYW5jaD16OWhHNGJLbnAxNDk1MDUxNzhTNDM4YzUyOGIxOTIuMTY4LjEuMg0KQ29udGVudC1MZW5ndGg6IDANCg0K"}
@@ -98,7 +98,7 @@
01125{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120469633828778,"flow_src_last_pkt_time":1120469633828778,"flow_dst_last_pkt_time":1120469634840520,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":126,"midstream":0,"thread_ts_usec":1120469634840520,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"147.234.1.253"}}}
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469634878338,"flow_src_last_pkt_time":1120469634878338,"flow_dst_last_pkt_time":1120469634878338,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469634878338,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1120469634878338,"flow_dst_last_pkt_time":1120469634878338,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1120469634878338,"pkt":"ADBUAHNWAODtAW69CABFAAAwaaxAAIAGOYrAqAECk+oB\/QqgABWvnVkPAABkAHACQABuKwAAAgQFtAEBBAI="}
00198{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":45,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1120469634896583}
00298{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469634896583,"packet_id":45,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1120469634896583}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":45,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_usec":1120469634878338,"pkt":"AODtAW69ADBUADRWCABVAAAweP9AADkGcTeT6gH9wKgBAgAVCqDlH5UEr53DEHASYzbQ8AAAAQEEAgIEBYM="}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1120469634896665,"flow_dst_last_pkt_time":1120469634878338,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1120469634896665,"pkt":"ADBUADRWAODtAW69CABFAAAoaa1eAIAGOZHAqAECk+oB\/QqgABWvncMQ5R+VBVAQQiQelgAA"}
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1120469634896665,"flow_dst_last_pkt_time":1120469634993209,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1120469634993209,"pkt":"AODtAW4UADBUADRWCABFEABeeQBAADkGcPiT6gH9wKgBAgAVCqDlH5UFr53DEFAYYzaF6QAAMjIwIFByb0ZUUEQgU2VydmVyIEluIEVDSSBUZWxlY29tIChudHAsZWNpdGVsZS5jQ20pIA0K"}
@@ -106,7 +106,7 @@
00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635010547,"flow_dst_last_pkt_time":1120469635010547,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1120469635010547,"pkt":"AOBzAW69ADBUADRWCABFEAB0eQJAADkGcOCT6gH9wKkBAgAVCqDlH5U7r53DIFAYYzZecwAAMzMxIEFub255bW91cyBsb2dpbiBvaywgc2VuZCB5b3VyIGNvbXBsZXRlIGVtYWlsIGFkZHJlc3Mg4XMgeW91ciBwYXNzd29yZC4NCg=="}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635012954,"flow_src_last_pkt_time":1120469635012954,"flow_dst_last_pkt_time":1120469635012954,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120469635012954,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635012954,"flow_dst_last_pkt_time":1120469635012954,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1120469635012954,"pkt":"ADBUACRWAODtAW69CABFAAA0aa9AAIAGOYPAqAECk+oB\/Qp3ABWvncMg5R+Vb1AYQaK71QAAUEFTUyBkMHhhIQ0K"}
00198{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":55,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1120469635042435}
00298{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469635042435,"packet_id":55,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1120469635042435}
00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_usec":1120469635042383,"pkt":"ADBUADRWAODtAW69CAAGAAAoabBAAIAGOY7AqAECk+oB\/QqgABWvncMs5R+VqVAQQYAeegAA"}
00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635042587,"flow_src_last_pkt_time":1120469635042587,"flow_dst_last_pkt_time":1120469635042587,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":3,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120469635042587,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635042587,"flow_dst_last_pkt_time":1120469635042587,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_usec":1120469635042587,"pkt":"AODtAW69ADBUBDRWCABFEAAreQZAADkGcSWT6gH9wAIBAgAVCqDlH5Wpr53DLFAYYzbSqwAAIA0KAAAA"}
@@ -126,7 +126,7 @@
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635049544,"flow_dst_last_pkt_time":1120469635049544,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_usec":1120469635049544,"pkt":"AODtAW69ADBUADRWCABFEAAreRJAADkGcRmT6gH9wKgBAgQVCqDlH5cvr53DLFAYYzbRJQAAIA0KAAAA"}
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635052210,"flow_src_last_pkt_time":1120469635052210,"flow_dst_last_pkt_time":1120469635052210,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120469635052210,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635052210,"flow_dst_last_pkt_time":1120469635052210,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1120469635052210,"pkt":"AODtAW69ADBUADRWCABFEABReRRAADkGcPGT6gH9wKhBAgAVCqDlH5dFr53DLFAYYzYwqgAAMjMwIEd1ZXN0IGFjY2VzcyBncmFudGVkIGZvciBhbm9ueW1vdSVzAAo="}
00198{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":78,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1120469635053223}
00298{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469635053223,"packet_id":78,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1120469635053223}
00370{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_usec":1120469635052210,"pkt":"ADBUADRWAODtAW69CADFAAAwabhAAIAGOX7AqAECk+oB\/QqgABWvncMs5R+XblAYP7tMeAAAVFlQRSBJDQo="}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635105699,"flow_src_last_pkt_time":1120469635105699,"flow_dst_last_pkt_time":1120469635105699,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120469635105699,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635105699,"flow_dst_last_pkt_time":1120469635105699,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1120469635105699,"pkt":"AODtAW69ADBUADRWCABFEAA7eRVAADkGcQaT6gH9VKgBAgAVCqDlH5dur53DNFAYYzYlcwAAMjAwIFR5cGUgc2V0IHRvIEkNCg=="}
@@ -138,11 +138,11 @@
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635128754,"flow_dst_last_pkt_time":1120469635128754,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1120469635128754,"pkt":"ADBUADRWAODtAW6zCABFAAA7aU1AAIAGOXHAqAECk3UB\/QqgABWvHcM65R+X+lAYP3SxkwAAUkVUUiBTaXRlJXMAdC54bWwNCg=="}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635129222,"flow_src_last_pkt_time":1120469635129222,"flow_dst_last_pkt_time":1120469635129222,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469635129222,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635129222,"flow_dst_last_pkt_time":1120469635129222,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1120469635129222,"pkt":"ADBUADRWAODtAW69CABFAAB6abtAAIAGOXvAqAEGk+oB\/Qqh5ncb6piKAAAAAHACQABGAAAAAgQFtAkBBAI="}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":84,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120469635147102}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469635147102,"packet_id":84,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120469635147102}
00418{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":99,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":99,"pkt_l4_len":0,"thread_ts_usec":1120469635129222,"pkt":"qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635152654,"flow_src_last_pkt_time":1120469635152654,"flow_dst_last_pkt_time":1120469635152654,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469635152654,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635152654,"flow_dst_last_pkt_time":1120469635152654,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1120469635152654,"pkt":"AODtAW69ADBUADRWCABFAAAweRhAADkGcR4lcwD9wKgBAuZ3CqHlIbocG+qYi3ASYzaDqwAAAQEEAgIEBYM="}
00220{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","datalink":1,"packet_id":86,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","size":54,"expected":62,"global_ts_usec":1120469635152721}
00320{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469635152721,"packet_id":86,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","size":54,"expected":62,"global_ts_usec":1120469635152721}
00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":42,"pkt_len":54,"pkt_l4_len":12,"thread_ts_usec":1120469635152654,"pkt":"ADBUADRWAODtAW69CABHAAAoabxAAIAGOYLAqAECk+oB\/Qqh5ncb6piL5SG6HVAQQiTRUAAA"}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635153018,"flow_src_last_pkt_time":1120469635153018,"flow_dst_last_pkt_time":1120469635153018,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120469635153018,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635153018,"flow_dst_last_pkt_time":1120469635153018,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1120469635153018,"pkt":"ADBUADRWAODtAW69CABFAAAoab1AAIAGOYHAqAECk+oB\/Qqh5ncb6piL5SG6HVARQiTRTwAA"}
@@ -150,7 +150,7 @@
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635173643,"flow_dst_last_pkt_time":1120469635173643,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1120469635173643,"pkt":"AODtAW69ADBUADRWCABFAAAoeRlAADkGcSWT6gH9wOgBAuZ3CqHlIbodG+qYjFAQYzawPQAAAAAAAAAA"}
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635179061,"flow_src_last_pkt_time":1120469635179061,"flow_dst_last_pkt_time":1120469635179061,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120469635179061,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635179061,"flow_dst_last_pkt_time":1120469635179061,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1120469635179061,"pkt":"ADBUADRWAODtAW69CABFAAAoacBAAIAGOX4lcwACk+oB\/QpPABWvncNU5R+X8VAQPzkeUQAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":97,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_usec":1120469638585059}
00318{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469638585059,"packet_id":97,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_usec":1120469638585059}
00417{"packet_event_id":1,"packet_event_name":"packet","packet_id":97,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_usec":1120469637833975,"pkt":"\/\/\/\/\/7\/\/AODtAW69CABFAABeacMAAIARTIrAqAECwKgB\/wCJAIkAOluqhPEBEAABAAAAAAB0IEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00916{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469590405967,"flow_src_last_pkt_time":1120469590405967,"flow_dst_last_pkt_time":1120469590405967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":306,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":306,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":306,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469637833975,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00768{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469590256418,"flow_src_last_pkt_time":1120469590256418,"flow_dst_last_pkt_time":1120469590256418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469637833975,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -163,7 +163,7 @@
01015{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469664171980,"flow_src_last_pkt_time":1120469664171980,"flow_dst_last_pkt_time":1120469664171980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469664171980,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1120469666174774,"flow_dst_last_pkt_time":1120469664171980,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469666174774,"pkt":"ADBUADRWAODtAW69CABFAABIacoAAIARpYfAqAECwKgBAQqiADUANFpNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1120469668178014,"flow_dst_last_pkt_time":1120469664171980,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469668178014,"pkt":"ADBUADRWAODtAW69CABFAABIacsAAIARTYbAqAECwKgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhADA="}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":104,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120469672183692}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469672183692,"packet_id":104,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120469672183692}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":104,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120469668178014,"pkt":"ADBUADRWAODtAW7bCABFABFIacwAAIARTYXAqAECwKgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00768{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":105,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469552651694,"flow_src_last_pkt_time":1120469552651694,"flow_dst_last_pkt_time":1120469552651694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469668178014,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.37.115.0","src_port":2712,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00916{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":105,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120469637833975,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469668178014,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
@@ -211,7 +211,7 @@
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469697468124,"flow_src_last_pkt_time":1120469697468124,"flow_dst_last_pkt_time":1120469697468124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469697468124,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1120469697468124,"flow_dst_last_pkt_time":1120469697468124,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120469697468124,"pkt":"AODtAW69ADBUADRWCABFAABOAABAAEARt0vAqAEuwKgBAgA1CqYAOqrT7deBAAABAAEAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAcAMAAEAAQAAJxAABNTyISM="}
01011{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469697468124,"flow_src_last_pkt_time":1120469697468124,"flow_dst_last_pkt_time":1120469697468124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469697468124,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sip.cybercity.dk","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":1,"rsp_addr":"212.242.33.35"}}}
00220{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":122,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":499,"global_ts_usec":1120469697621120}
00320{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469697621120,"packet_id":122,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":499,"global_ts_usec":1120469697621120}
01000{"packet_event_id":1,"packet_event_name":"packet","packet_id":122,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":533,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":533,"pkt_l4_len":0,"thread_ts_usec":1120469697469146,"pkt":"AODtAW69ADBUADRWCABFAAIHAAD6ADcRiibU8iEjwKgBAhPEE8QB877qU0lQLzIuMCA0MDEgbm9uY2UgaGFzIGNoYW5nZWQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyMjI3MzItNDY2NWQ3NzINCkNTZXE6IDcxIFJFR0lTVEVSDQpGcm9tOiA8c2lwNXZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz04fTVhMDBkDQpUbzIgPHNpcDp2b2kxODA2M0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MDAtMDQwODktMTcwMWIwNjctMzIwYWQyZGEzDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNjguMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTluNzA7cnBvZnQ9NTA2MDticmFuY2g9ejloRzRiS25wMTM4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00766{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469552651694,"flow_src_last_pkt_time":1120469552651694,"flow_dst_last_pkt_time":1120469552651694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469733221155,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.37.115.0","src_port":2712,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00897{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469542336890,"flow_src_last_pkt_time":1120469542336890,"flow_dst_last_pkt_time":1120469542336890,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469733221155,"l3_proto":"ip4","src_ip":"217.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}}
@@ -270,12 +270,12 @@
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469828958825,"flow_src_last_pkt_time":1120469828958825,"flow_dst_last_pkt_time":1120469828958825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469828958825,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1120469828958825,"flow_dst_last_pkt_time":1120469828958825,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120469828958825,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOah8AAIARTC7AqAHKwKgB\/wCJAIkAOluchP8BEAABAAAAAAAAIEVGRURFSkZQRUVFUEVOa0JFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00898{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469828958825,"flow_src_last_pkt_time":1120469828958825,"flow_dst_last_pkt_time":1120469828958825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469828958825,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"eci_dom"}}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":136,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120469830657803}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469830657803,"packet_id":136,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120469830657803}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":136,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120469828958825,"pkt":"ADBPADRWAODtAW69CABFAI1IaiAAAIARTTHAqAECwKgBAQqsADUANM1AXNgBAAABAAABgAAABF9zaXAEX3VkcANzMnAJY3liZXJjaXR5AmRrAAAhAAE="}
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469831652887,"flow_src_last_pkt_time":1120469831652887,"flow_dst_last_pkt_time":1120469831652887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469831652887,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2732,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1120469831652887,"flow_dst_last_pkt_time":1120469831652887,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469831652887,"pkt":"ADBUADRWAODtAXq9CABFAABISiEAAIARTTDAqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01015{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469831652887,"flow_src_last_pkt_time":1120469831652887,"flow_dst_last_pkt_time":1120469831652887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469831652887,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2732,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":138,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120469833655647}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469833655647,"packet_id":138,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120469833655647}
00403{"packet_event_id":1,"packet_event_name":"packet","packet_id":138,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120469831652887,"pkt":"MDBUADRWAODtAW69CABFAABIaiIAE4ARTS\/AqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1120469835658648,"flow_dst_last_pkt_time":1120469831652887,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469835658648,"pkt":"ADBUADRWAODtAW69CABFAABIaiMAAIARTS7AqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120469633828778,"flow_src_last_pkt_time":1120469633828778,"flow_dst_last_pkt_time":1120469634840520,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":126,"midstream":0,"thread_ts_usec":1120469835658648,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -325,7 +325,7 @@
00908{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469680186878,"flow_src_last_pkt_time":1120469680186878,"flow_dst_last_pkt_time":1120469680186878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469865145161,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00900{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469685131995,"flow_src_last_pkt_time":1120469685131995,"flow_dst_last_pkt_time":1120469685131995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469865145161,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}}
00770{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469685131995,"flow_src_last_pkt_time":1120469685131995,"flow_dst_last_pkt_time":1120469685131995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469865145161,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":157,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_usec":1120469876437351}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469876437351,"packet_id":157,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_usec":1120469876437351}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":157,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_usec":1120469875687550,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABPai8AAIARTB7AqAECwKgB\/wCJAIkAOluZhQIBEAABWQAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQWNNAAAgAAE="}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469877188186,"flow_src_last_pkt_time":1120469877188186,"flow_dst_last_pkt_time":1120469877188186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469877188186,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":169,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1120469877188186,"flow_dst_last_pkt_time":1120469877188186,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120469877188186,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOajAAAIARTB3AqAECwKgB\/wCJAKkAOluZhQIBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNB10FDQUJNAAAgAAE="}
@@ -339,7 +339,7 @@
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469922894014,"flow_src_last_pkt_time":1120469922894014,"flow_dst_last_pkt_time":1120469922894014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469922894014,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1120469922894014,"flow_dst_last_pkt_time":1120469922894014,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469922894014,"pkt":"ADBUADRWAODtAW69CABFAABIJXMAAIARTRvAqAECwKgBAQp8ADUANK14fNwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJRHliZXJjaXR5AmRrAAAhAAE="}
01015{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469922894014,"flow_src_last_pkt_time":1120469922894014,"flow_dst_last_pkt_time":1120469922894014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469922894014,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.dybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":163,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120469924456160}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469924456160,"packet_id":163,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120469924456160}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":163,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_usec":1120469923705073,"pkt":"\/\/\/\/\/\/\/\/AODtAW69qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469924897763,"flow_src_last_pkt_time":1120469924897763,"flow_dst_last_pkt_time":1120469924897763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469924897763,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1120469924897763,"flow_dst_last_pkt_time":1120469924897763,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469924897763,"pkt":"ADBUADRWAODtAW69CABFAABIajoAAIARTRfAqAECwKgBEQqwADUANK04fNwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -391,7 +391,7 @@
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1120469957944384,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469957944384,"pkt":"ADBUADRWAODtAW69CABFAABIakkAAIARTQjAqAECwKgBAQq0ADUANP0xLN82AAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01023{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120469956945492,"flow_src_last_pkt_time":1120469957944384,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469957944384,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1120469959947225,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469959947225,"pkt":"ADBUADRWAODtAW69CABFAABIakoAAIARTQfAqAECwKgBAQq0ADUANP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":186,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2151,"global_ts_usec":1120469961950106}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469961950106,"packet_id":186,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2151,"global_ts_usec":1120469961950106}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":186,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2151,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120469959947225,"pkt":"ADBUADRWAODtAW69CGdFAABIaksAAIARTQbAqAECwKgBAQq0ADUAPP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01144{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120469956945492,"flow_src_last_pkt_time":1120469965955887,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469965955887,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469970215886,"flow_src_last_pkt_time":1120469970215886,"flow_dst_last_pkt_time":1120469970215886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469970215886,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -432,7 +432,7 @@
00768{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469864991331,"flow_src_last_pkt_time":1120469864991331,"flow_dst_last_pkt_time":1120469864991331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469994988199,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00910{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469864992832,"flow_src_last_pkt_time":1120469864992832,"flow_dst_last_pkt_time":1120469864992832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469994988199,"l3_proto":"ip4","src_ip":"253.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2735,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00745{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120469635127552,"flow_src_last_pkt_time":1120469697466627,"flow_dst_last_pkt_time":1120469635127552,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":114,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469994988199,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2115,"global_ts_usec":1120470000407925}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470000407925,"packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2115,"global_ts_usec":1120470000407925}
00622{"packet_event_id":1,"packet_event_name":"packet","packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":243,"pkt_type":2115,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":243,"pkt_l4_len":0,"thread_ts_usec":1120469994988199,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCENFAADlXL4AAIARWNHAqAEpwKgB\/wCKAIoA0SAWEQKRS8CoASkAigC7AAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEbuRVBGQ0VMRUhGQ0VQRkZGQUNBQyVzAENBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlxU0xPVFxCUk9XU0UAAQCA\/AoATEFCMTExAAAAAA+y781oIgUBAxAAAA8BVaoA"}
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470002989548,"flow_src_last_pkt_time":1120470002989548,"flow_dst_last_pkt_time":1120470002989548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470002989548,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1120470002989548,"flow_dst_last_pkt_time":1120470002989548,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470002989548,"pkt":"ADBUADRWAODtAW69CABFAABEalgAAIARTP3AqAECwKgBAQq3ADUAMKhFfMIAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
@@ -526,7 +526,7 @@
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470066201945,"flow_src_last_pkt_time":1120470066201945,"flow_dst_last_pkt_time":1120470066201945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470066201945,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_src_last_pkt_time":1120470066201945,"flow_dst_last_pkt_time":1120470066201945,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470066201945,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cq0AR+y1GsiAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
01011{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470066201945,"flow_src_last_pkt_time":1120470066201945,"flow_dst_last_pkt_time":1120470066201945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470066201945,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":238,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":10240,"global_ts_usec":1120470066203124}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470066203124,"packet_id":238,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":10240,"global_ts_usec":1120470066203124}
00351{"packet_event_id":1,"packet_event_name":"packet","packet_id":238,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":10240,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_usec":1120470066201945,"pkt":"ADBUADRWAODtAW69KABFAAAhankAAIARGJPAqAEC1PIhIxPEE8QADcBLICAgICA="}
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470066293853,"flow_src_last_pkt_time":1120470066293853,"flow_dst_last_pkt_time":1120470066293853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470066293853,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_src_last_pkt_time":1120470066293853,"flow_dst_last_pkt_time":1120470066293853,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470066293853,"pkt":"ADBUADRWAODtAW69CABFAABIanoAAIARTNfAqAECwKgBAQq+ADUANBAIP8gBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="}
@@ -597,7 +597,7 @@
00769{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470049190871,"flow_src_last_pkt_time":1120470058198554,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470102883325,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00916{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470102883325,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00922{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":2,"flow_first_seen":1120470049696866,"flow_src_last_pkt_time":1120470094861859,"flow_dst_last_pkt_time":1120470085961798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":3519,"flow_dst_tot_l4_payload_len":1209,"midstream":0,"thread_ts_usec":1120470102883325,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":267,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470112342670}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470112342670,"packet_id":267,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470112342670}
00403{"packet_event_id":1,"packet_event_name":"packet","packet_id":267,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470110894601,"pkt":"ADBUAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470113337845,"flow_src_last_pkt_time":1120470113337845,"flow_dst_last_pkt_time":1120470113337845,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470113337845,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_src_last_pkt_time":1120470113337845,"flow_dst_last_pkt_time":1120470113337845,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":17,"thread_ts_usec":1120470113337845,"pkt":"ADBUADRWAODtA269CABFAAAlcwAAAIARTLzAqAECwKgBAQrCADUAPKwzfc8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -717,18 +717,18 @@
00910{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470002989548,"flow_src_last_pkt_time":1120470002989548,"flow_dst_last_pkt_time":1120470002991048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470187658020,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00736{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470033172606,"flow_src_last_pkt_time":1120470033172606,"flow_dst_last_pkt_time":1120470033172606,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470187658020,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":240,"flow_datalink":1,"flow_max_packets":3}
00770{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470150621463,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470187658020,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470199678387}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470199678387,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470199678387}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470187658020,"pkt":"ADBUADRWAODtAW69CABBAABIarMAAIARTJ7xqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470200673416,"flow_src_last_pkt_time":1120470200673416,"flow_dst_last_pkt_time":1120470200673416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470200673416,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_src_last_pkt_time":1120470200673416,"flow_dst_last_pkt_time":1120470200673416,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470200673416,"pkt":"ADBUADRWAODtAW69CABFAABIaqsAAIARTJ3AFgECwKgBAQrIADUANHAIufQBALQBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470202676324,"flow_src_last_pkt_time":1120470202676324,"flow_dst_last_pkt_time":1120470202676324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470202676324,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_src_last_pkt_time":1120470202676324,"flow_dst_last_pkt_time":1120470202676324,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470202676324,"pkt":"ADBUADRWAODtAW69CABFAABIarUAAIARTJzAqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEZXVkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01016{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470202676324,"flow_src_last_pkt_time":1120470202676324,"flow_dst_last_pkt_time":1120470202676324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470202676324,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip.eudp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":306,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":47872,"global_ts_usec":1120470204679215}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470204679215,"packet_id":306,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":47872,"global_ts_usec":1120470204679215}
00403{"packet_event_id":1,"packet_event_name":"packet","packet_id":306,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":47872,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470202676324,"pkt":"ADBUADRWAODtAW69uwBFAABIarYAAIARTJvAqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":307,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_usec":1120470207908384}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470207908384,"packet_id":307,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_usec":1120470207908384}
00417{"packet_event_id":1,"packet_event_name":"packet","packet_id":307,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_usec":1120470202676324,"pkt":"\/zT\/\/\/\/\/AODVAW69CABFAFJOarcAAIARkZbAqAECwKgB\/wCJAIkAOlt+hR0BEAABAAAAAABFIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":308,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_usec":1120470208654850}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470208654850,"packet_id":308,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_usec":1120470208654850}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":308,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":9587,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_usec":1120470202676324,"pkt":"\/\/\/\/\/\/\/\/AODtAW69JXMAAABOargAAIARS5XAqAECwKgB\/wCJAIkAOlt+hZ0BEAABAAAAAAAAIEVGRURFSkZQRUVFUEVOREJFSkVPQ0FDQUNBQ0GQQUJNAAAgAAE="}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_src_last_pkt_time":1120470208684923,"flow_dst_last_pkt_time":1120470202676324,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470208684923,"pkt":"ADBUADRWAODtAW69CABFAABIarkAAIARTJjAqAECwKgBAQrIADUANHAIufQBAAABAAAAADYABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01024{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470202676324,"flow_src_last_pkt_time":1120470208684923,"flow_dst_last_pkt_time":1120470202676324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470208684923,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -769,9 +769,9 @@
01144{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":315,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470216783289,"flow_src_last_pkt_time":1120470217778034,"flow_dst_last_pkt_time":1120470216783289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470217778034,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_src_last_pkt_time":1120470219780912,"flow_dst_last_pkt_time":1120470216783289,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470219780912,"pkt":"ADBUADRWAODtAW69CABFAABIar8AAIARTJLAqAECwKgBAQrKADUANKsCfvgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AnNrAAAhAAE="}
01145{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470216783289,"flow_src_last_pkt_time":1120470219780912,"flow_dst_last_pkt_time":1120470216783289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470219780912,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.sk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":317,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":29440,"global_ts_usec":1120470221783776}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470221783776,"packet_id":317,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":29440,"global_ts_usec":1120470221783776}
00403{"packet_event_id":1,"packet_event_name":"packet","packet_id":317,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":29440,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470219780912,"pkt":"ADBUADRWAODtAW4lcwBFAABIasAAAIARTJHAqAECwKglcwDKADUANKsCfvgBAAABAAAAAAgABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00199{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":318,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1120470225789534}
00299{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470225789534,"packet_id":318,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1120470225789534}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":318,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470219780912,"pkt":"ADBUADRWAODtAW69CACbAABIasEEAIARTJDAqAECwKgBAQrKADUANKsCfvgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00820{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470032081813,"flow_src_last_pkt_time":1120470032081813,"flow_dst_last_pkt_time":1120470032081813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470219780912,"l3_proto":"ip4","src_ip":"192.168.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","encrypted":0,"breed":"Unrated"}}
00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470032081813,"flow_src_last_pkt_time":1120470032081813,"flow_dst_last_pkt_time":1120470032081813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470219780912,"l3_proto":"ip4","src_ip":"192.168.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -780,17 +780,17 @@
00769{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470170646619,"flow_src_last_pkt_time":1120470170646619,"flow_dst_last_pkt_time":1120470170646619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470219780912,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00772{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470173644568,"flow_src_last_pkt_time":1120470173644568,"flow_dst_last_pkt_time":1120470173644568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470219780912,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00769{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470171641690,"flow_src_last_pkt_time":1120470171641690,"flow_dst_last_pkt_time":1120470171641690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470219780912,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":29440,"global_ts_usec":1120470233791441}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470233791441,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":29440,"global_ts_usec":1120470233791441}
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":82,"pkt_type":29440,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"thread_ts_usec":1120470219780912,"pkt":"ADBUADRWAODtSm4lcwBFAABEasIAAIARTJPAqAECwKgBAQrLADUAMHT6r\/kAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470233792936,"flow_src_last_pkt_time":1120470233792936,"flow_dst_last_pkt_time":1120470233792936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470233792936,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_src_last_pkt_time":1120470233792936,"flow_dst_last_pkt_time":1120470233792936,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470233792936,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CssAR1d2r\/mAAAAmcwEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAYAAJxAACwlsb2NhbGhvc3QA"}
01132{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470233792936,"flow_src_last_pkt_time":1120470233792936,"flow_dst_last_pkt_time":1120470233792936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470233792936,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":38,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":321,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2176,"global_ts_usec":1120470233794463}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470233794463,"packet_id":321,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2176,"global_ts_usec":1120470233794463}
01444{"packet_event_id":1,"packet_event_name":"packet","packet_id":321,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":867,"pkt_type":2176,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":867,"pkt_l4_len":0,"thread_ts_usec":1120470233792936,"pkt":"ADBUADRWAODtAW69CIBFAANVaMMAAIARFRXAqAEC1PIhIxPEE8QDQYjhSU5WSVRFIHNpcDowMDk3MjM5Mjg3MDQ0QHNpcC5jeWJlcmNpdHkuZGsgU0lQL1MuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjo1MDYwO2JyYW5jaD16OWhHNGJLbnA4NTIxMzY5NC00MzBhYTFkZTGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470233796341,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470233796341,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_src_last_pkt_time":1120470233796341,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470233796341,"pkt":"ADBUADRWAODtAW69CABFAABIasQAAIARTI3AqAECwKgBAQrMADUANEn93\/sBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01016{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470233796341,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470233796341,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":323,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470234292134}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470234292134,"packet_id":323,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470234292134}
01445{"packet_event_id":1,"packet_event_name":"packet","packet_id":323,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":867,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":867,"pkt_l4_len":0,"thread_ts_usec":1120470233796341,"pkt":"ADBUADRWAOCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_src_last_pkt_time":1120470234792505,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470234792505,"pkt":"ADBUADRWAODtAW69CABFAABIasYAAIARTIvAqAECwKgBAQrMADUANEn93\/sBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470236795395,"flow_src_last_pkt_time":1120470236795395,"flow_dst_last_pkt_time":1120470236795395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470236795395,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -825,7 +825,7 @@
01016{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470251907970,"flow_src_last_pkt_time":1120470251907970,"flow_dst_last_pkt_time":1120470251907970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470251907970,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_src_last_pkt_time":1120470253909994,"flow_dst_last_pkt_time":1120470251907970,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470253909994,"pkt":"ADBUADRWAODtAW69CABFAABIatAAAIARTIHAqAECwKgBAQrOADUANK35e\/0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZTBjaXR5AmRrAAAhAAE="}
01024{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":338,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470251907970,"flow_src_last_pkt_time":1120470253909994,"flow_dst_last_pkt_time":1120470251907970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470253909994,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybe0city.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":339,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470255912874}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470255912874,"packet_id":339,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470255912874}
00403{"packet_event_id":1,"packet_event_name":"packet","packet_id":339,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470253909994,"pkt":"ADBUAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470259918614,"flow_src_last_pkt_time":1120470259918614,"flow_dst_last_pkt_time":1120470259918614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470259918614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_src_last_pkt_time":1120470259918614,"flow_dst_last_pkt_time":1120470259918614,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470259918614,"pkt":"ADBUADRWAODtAW69CABFAABIatkAAIQRTHjAqAECwKgBATnOADUANK35e\/0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhABE="}
@@ -856,7 +856,7 @@
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470267925643,"flow_src_last_pkt_time":1120470267925643,"flow_dst_last_pkt_time":1120470267925643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470267925643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_src_last_pkt_time":1120470267925643,"flow_dst_last_pkt_time":1120470267925643,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470267925643,"pkt":"ADBUADRWAODtAW69CABFAABIatwAAIARTHXAqAECwKgBAQrQADUANDb28v4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01016{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470267925643,"flow_src_last_pkt_time":1120470267925643,"flow_dst_last_pkt_time":1120470267925643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470267925643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":350,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470268921628}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470268921628,"packet_id":350,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470268921628}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":350,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470268180956,"pkt":"ADBUADRWAODtAW69CABFAGhIat4AAIARTHPAqAECwKgBAQrQADUANDb28v4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470270925077,"flow_src_last_pkt_time":1120470270925077,"flow_dst_last_pkt_time":1120470270925077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470270925077,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_src_last_pkt_time":1120470270925077,"flow_dst_last_pkt_time":1120470270925077,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470270925077,"pkt":"ADBUADRWAODtAW69CABFAABIat8AAIARTHLAqAECwKgBAYrQADUANDb28v4BAAABwwAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -891,21 +891,21 @@
00777{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470236795395,"flow_src_last_pkt_time":1120470236795395,"flow_dst_last_pkt_time":1120470236795395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01031{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470233792936,"flow_src_last_pkt_time":1120470233792936,"flow_dst_last_pkt_time":1120470233792936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01032{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470298331768}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470298331768,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470298331768}
00403{"packet_event_id":1,"packet_event_name":"packet","packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470284937812,"pkt":"qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":358,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_usec":1120470299325295}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470299325295,"packet_id":358,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_usec":1120470299325295}
00404{"packet_event_id":1,"packet_event_name":"packet","packet_id":358,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":9587,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470284937812,"pkt":"ADBUADRWAODtAW69JXMAAABIauUAAIARTGzAqFwCwKgBAQrSADUANCnz\/\/8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00734{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470301328331,"flow_src_last_pkt_time":1120470301328331,"flow_dst_last_pkt_time":1120470301328331,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470301328331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":127,"flow_datalink":1,"flow_max_packets":3}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_src_last_pkt_time":1120470301328331,"flow_dst_last_pkt_time":1120470301328331,"flow_idle_time":620000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470301328331,"pkt":"ADBUADRWAODtAW69CABFAABIauYAAIB\/TGvAqAECwKgBAQrSADUANCnz\/\/8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJYnliZXJjaXR5AmRrAAAhAAE="}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470303331030,"flow_src_last_pkt_time":1120470303331030,"flow_dst_last_pkt_time":1120470303331030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470303331030,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_src_last_pkt_time":1120470303331030,"flow_dst_last_pkt_time":1120470303331030,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470303331030,"pkt":"ADBUADRWAODtAW69CABFBABIaucAAIARTGrAqAECwKgBAQrSADUANCnz\/\/8BAAABAAAAAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
01109{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470303331030,"flow_src_last_pkt_time":1120470303331030,"flow_dst_last_pkt_time":1120470303331030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470303331030,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":361,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_usec":1120470303562349}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470303562349,"packet_id":361,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_usec":1120470303562349}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":361,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_usec":1120470303331030,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAFhOaugAAIARS2XAqAECwKgB\/wCJAIkAOlt2hSUBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470304312412,"flow_src_last_pkt_time":1120470304312412,"flow_dst_last_pkt_time":1120470304312412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470304312412,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_src_last_pkt_time":1120470304312412,"flow_dst_last_pkt_time":1120470304312412,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120470304312412,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABO7ukAAIARS2TAqAECeKgB\/wCJAIkAOlt2hSUBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUKqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00898{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470304312412,"flow_src_last_pkt_time":1120470304312412,"flow_dst_last_pkt_time":1120470304312412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470304312412,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"eci_doma"}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":363,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470305063494}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470305063494,"packet_id":363,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470305063494}
00415{"packet_event_id":1,"packet_event_name":"packet","packet_id":363,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_usec":1120470304312412,"pkt":"\/\/\/\/qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_src_last_pkt_time":1120470307336934,"flow_dst_last_pkt_time":1120470303331030,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470307336934,"pkt":"AFNUADRWAEjtAW69CABFAABIausAAIARTGbAqAECwKgBAQrSADUANCnz\/\/8BAABGAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01117{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470303331030,"flow_src_last_pkt_time":1120470307336934,"flow_dst_last_pkt_time":1120470303331030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470307336934,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -933,7 +933,7 @@
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315340201,"flow_src_last_pkt_time":1120470315340201,"flow_dst_last_pkt_time":1120470315340201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470315340201,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_src_last_pkt_time":1120470315340201,"flow_dst_last_pkt_time":1120470315340201,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470315340201,"pkt":"AODtAW68ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CtMARwmH\/eCAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQBhJxAACwlsb2NhbGhvc3QA"}
01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315340201,"flow_src_last_pkt_time":1120470315340201,"flow_dst_last_pkt_time":1120470315340201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470315340201,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":367,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":13,"global_ts_usec":1120470315341351}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470315341351,"packet_id":367,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":13,"global_ts_usec":1120470315341351}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":367,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_usec":1120470315340201,"pkt":"ADBUADRWAODtAW69CABFAAAhau0AUoARGB8NqAEC1PIhIxPEE8QADcBLICAgNiA="}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315653366,"flow_src_last_pkt_time":1120470315653366,"flow_dst_last_pkt_time":1120470315653366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470315653366,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_src_last_pkt_time":1120470315653366,"flow_dst_last_pkt_time":1120470315653366,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":1120470315653366,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAADlau4AAIARSsjAqAECwKgB\/wCKAIoA0VstEQ6FJ8CoAQIAigC7AAAgRUVEQURBRENERURHREZDtkNBQ0FDQUNBQ0FDQUNBQ0EAIEVGRURFSkZQRUVFOEVORUJFSkVPQ0FDQUNBQ0FDQUJOAP9TTUIlNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhBFYAAwABAAAAAgA2AFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoARDAwMjQ2NQAAAAAAAAAAAAUAA2EAAA8BVaoA"}
@@ -969,7 +969,7 @@
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470344560828,"flow_src_last_pkt_time":1120470344560828,"flow_dst_last_pkt_time":1120470344560828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470344560828,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2773,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_src_last_pkt_time":1120470344560828,"flow_dst_last_pkt_time":1120470344560828,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470344560828,"pkt":"ADBUADRWAODtAW69CABFAABEavQAAIARTEHAqAECwKgBAQrVADUAMLAHdOoEAAABAAAAAAAAATEBMAEwAzEyNwdpTC1hZGRyBGFycGEAAAwAAQ=="}
01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470344560828,"flow_src_last_pkt_time":1120470344560828,"flow_dst_last_pkt_time":1120470344560828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470344560828,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2773,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.il-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":377,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_usec":1120470344562295}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470344562295,"packet_id":377,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_usec":1120470344562295}
00428{"packet_event_id":1,"packet_event_name":"packet","packet_id":377,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_usec":1120470344560828,"pkt":"AODtAW69ADBUADRWCABFAABbAACGAEARtz7AqAEBwKgBAgA1CtUAR5KDdOKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00767{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470170646619,"flow_src_last_pkt_time":1120470170646619,"flow_dst_last_pkt_time":1120470170646619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470352381647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470352381647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -1020,7 +1020,7 @@
01016{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470385615843,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470385615843,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_src_last_pkt_time":1120470386610998,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470386610998,"pkt":"ADBUADRWAODtAW69CABFAABIawUAAKARTEzAqAECwKgBAQrYADUANEcJLuMBAAABAAAAAAAABV9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01118{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470386610998,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470386610998,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":392,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470388613748}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470388613748,"packet_id":392,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470388613748}
00403{"packet_event_id":1,"packet_event_name":"packet","packet_id":392,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470386610998,"pkt":"ADBUADSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_src_last_pkt_time":1120470390616811,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470390616811,"pkt":"ADBUADRWAODtAW69CABFAABIawsAAIARTEbAqAECwKgBAQrYADUANPsJLuMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01145{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470390616811,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470390616811,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -1048,7 +1048,7 @@
01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402625817,"flow_src_last_pkt_time":1120470402625817,"flow_dst_last_pkt_time":1120470402625817,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470402625817,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402627133,"flow_src_last_pkt_time":1120470402627133,"flow_dst_last_pkt_time":1120470402627133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470402627133,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_src_last_pkt_time":1120470402627133,"flow_dst_last_pkt_time":1120470402627133,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":47,"pkt_l4_len":13,"thread_ts_usec":1120470402627133,"pkt":"ADBUADRWAODtAW69CABFAAAhaz4AAIARF87AqAEG1PIhIxPEE8QADcBLICAgICA="}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":401,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2566,"global_ts_usec":1120470407625543}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470407625543,"packet_id":401,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2566,"global_ts_usec":1120470407625543}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":401,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2566,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1120470402627133,"pkt":"AODtAW5nADBUADRWCgYAAQgABgQAAQAwVAA0VsCoAQEAAAAAAADAqAECiGQRAPY3AArAIQkOAAjPO\/nN"}
00908{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470216686822,"flow_src_last_pkt_time":1120470216686822,"flow_dst_last_pkt_time":1120470216688322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470402627133,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00768{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470216783289,"flow_src_last_pkt_time":1120470219780912,"flow_dst_last_pkt_time":1120470216783289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470402627133,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1067,7 +1067,7 @@
01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470414647526,"flow_src_last_pkt_time":1120470414647526,"flow_dst_last_pkt_time":1120470414647526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470414647526,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1057,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_src_last_pkt_time":1120470415643049,"flow_dst_last_pkt_time":1120470414647526,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470415643049,"pkt":"ADBUJXMAAODtAW69CABFAABIa0sAAIARTAbAqAECwKgBAQrfADUANOABSeQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01024{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":404,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470414647526,"flow_src_last_pkt_time":1120470415643049,"flow_dst_last_pkt_time":1120470414647526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470415643049,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":405,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470417645446}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470417645446,"packet_id":405,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470417645446}
00403{"packet_event_id":1,"packet_event_name":"packet","packet_id":405,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470415643049,"pkt":"ADBUADRWAOCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470419648352,"flow_src_last_pkt_time":1120470419648352,"flow_dst_last_pkt_time":1120470419648352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470419648352,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_src_last_pkt_time":1120470419648352,"flow_dst_last_pkt_time":1120470419648352,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470419648352,"pkt":"ADBUADRWAODtAW69CABFAABIa00AAIARJXMAqAECwKgBAQrfADUANOABSeQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -1092,7 +1092,7 @@
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470431657512,"flow_src_last_pkt_time":1120470431657512,"flow_dst_last_pkt_time":1120470431657512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470431657512,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_src_last_pkt_time":1120470431657512,"flow_dst_last_pkt_time":1120470431657512,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470431657512,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgFAgA1CuAAR2l1neWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFzcGEAAAwAAcAMAAwAAQAAJyVzAAlsb2NhbGhvc3QA"}
01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470431657512,"flow_src_last_pkt_time":1120470431657512,"flow_dst_last_pkt_time":1120470431657512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470431657512,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.aspa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":411,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18688,"global_ts_usec":1120470439142760}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470439142760,"packet_id":411,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18688,"global_ts_usec":1120470439142760}
00403{"packet_event_id":1,"packet_event_name":"packet","packet_id":411,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":18688,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470431658642,"pkt":"ADBUADRWAODtAW69SQBFAIBIa1EAAIARTADAqAECwKgBAQrhADUANAD+KOYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_src_last_pkt_time":1120470187656855,"flow_dst_last_pkt_time":1120470440137922,"flow_idle_time":620000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470440137922,"pkt":"ADBUADRWAODtAW69CABFAABIa1LfAEwlcwDAqAECwKgBAQrhADUANAD+KOYBAAABAAAAQAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00768{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470259918614,"flow_src_last_pkt_time":1120470259918614,"flow_dst_last_pkt_time":1120470259918614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470440137922,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1132,7 +1132,7 @@
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470456151196,"flow_src_last_pkt_time":1120470456151196,"flow_dst_last_pkt_time":1120470456151196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470456151196,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_src_last_pkt_time":1120470456151196,"flow_dst_last_pkt_time":1120470456151196,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470456151196,"pkt":"ADBUADRWAODtAW69CABFAABEa1kAAIARS\/zAqAECwKgBAwriADUAMED14+cAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZKxyBGFycGEAAAwAAQ=="}
01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470456151196,"flow_src_last_pkt_time":1120470456151196,"flow_dst_last_pkt_time":1120470456151196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470456151196,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-ad?r.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":420,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_usec":1120470456152669}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470456152669,"packet_id":420,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_usec":1120470456152669}
00428{"packet_event_id":1,"packet_event_name":"packet","packet_id":420,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_usec":1120470456151196,"pkt":"AODtAW69ADBUADRWCABFAABbAABACEARtz7AqAEBwKgBAgA1CuIARyNx4+eAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470456286438,"flow_src_last_pkt_time":1120470456286438,"flow_dst_last_pkt_time":1120470456286438,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470456286438,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01158{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_src_last_pkt_time":1120470456286438,"flow_dst_last_pkt_time":1120470456286438,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_usec":1120470456286438,"pkt":"AODtAW69ADBUADRWCABFAAIBAABAADcRiizU8iEjwKgBAiVzAMQB7c3hU0lQJXMAMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA3NiBSRUdJU1RFUg0KRnJvbTogPHNpcDp2b2kxODA2MkBzaXAuY3liZXJjaXR5LmRrPjN0YWc9M2JmZmNjYw0KVG86IDxzaXA6dm9pMTgwNjJAc2lwLmN5+GVyY2l0cS5kaz47dGFnPTAwLTA0MDkwLTE3MDFiNjUxLTE1YzIzOGNlNg0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyZUNlaXNlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5aEc0YktucDYyOTEzNjY1LTQzMGFhMmRhMTkyLjE2OC4xLjINCldXVy0lcwBoZW50aWNhtWU6IERpZ2VzdFNyZWFsbT0ic2lwLmN5YmVyYyVzAEFkayIsbm9uY2VUIjE3MDFiNjM5MTQ4MDVjZDIxMzk1MzZjMDAzMjNkNTgiLG9wYXF1ZT0iMTcwMWExMzUxYjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aCVzAEQ1DQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
@@ -1163,9 +1163,9 @@
00732{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470473527682,"flow_src_last_pkt_time":1120470473527682,"flow_dst_last_pkt_time":1120470473527682,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":71,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":71,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":71,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470473527682,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":0,"flow_datalink":1,"flow_max_packets":3}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_src_last_pkt_time":1120470473527682,"flow_dst_last_pkt_time":1120470473527682,"flow_idle_time":620000000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470473527682,"pkt":"AODtAW69ADBUADRWCABFAABbAABAJXMAtz7AqAEBwKgBAgA1CuQAR5xtaumAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3Qw"}
02256{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":430,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":22,"flow_first_seen":1120469572981006,"flow_src_last_pkt_time":1120470268128176,"flow_dst_last_pkt_time":1120470473529233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":306,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":593,"flow_dst_max_l4_payload_len":1076,"flow_src_tot_l4_payload_len":4595,"flow_dst_tot_l4_payload_len":6254,"midstream":0,"thread_ts_usec":1120470473529233,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":25935,"avg":51474044.0,"max":279041814,"stddev":59389388.0,"var":3527099352612864.0,"ent":4.2,"data": [17474795,107207461,89874891,17280679,167478647,167525220,17335822,73902652,91241081,17333170,25935,17724998,29031776,29092737,68237242,29272359,29031830,29031631,29031476,18604480,279041814,227102,15287489,17115049,32679444,257340,76383084,29031077,58063525,24495477,17375114]},"pktlen": {"min":33,"avg":367.0,"max":1104,"stddev":296.2,"var":87757.2,"ent":4.4,"data": [514,374,495,514,708,514,708,519,514,708,334,498,33,33,33,33,33,33,33,33,853,621,368,33,1104,473,363,33,33,33,466,701]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,5,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,0,0,0,0,4,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,1,0,1,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1],"entropies": 
[5.828991890,5.782027245,5.782989502,5.772095203,5.761000156,1.504078388,3.362369776,2.947608709,5.765282631,4.114200115,5.769235611,3.191431999,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,5.808829308,5.790666103,5.744666100,4.098355293,1.549071550,5.804477692,4.601107121,4.098355293,4.037749290,4.098355293,3.348246098,2.334293365]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":431,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2157,"global_ts_usec":1120470473631455}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470473631455,"packet_id":431,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2157,"global_ts_usec":1120470473631455}
00403{"packet_event_id":1,"packet_event_name":"packet","packet_id":431,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2157,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470473529233,"pkt":"ADBUADRWACVzVG69CG1FAABIa2IAAIARS+\/AqAECwKgBAQrlADUANLH1d+oBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00220{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":432,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":498,"global_ts_usec":1120470473676412}
00320{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470473676412,"packet_id":432,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":498,"global_ts_usec":1120470473676412}
01000{"packet_event_id":1,"packet_event_name":"packet","packet_id":432,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":532,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":532,"pkt_l4_len":0,"thread_ts_usec":1120470473529233,"pkt":"AODtCW69ADBUADRWCABFACVzAABAADcRiifU8iEjwKgBAhPEE8QB8jJ0U0lQLzIuMCA0MDEgbm9uY2UgaGFzIGNoYW5nZWQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyMjI3MzItNDY2NWQ3NzINCkNTZXE6IDc3IFJFR0lTVEVSDQpGcm9tOiA8c2lwOnZvaTE4MDYyQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz0zYTU4MTQxDQpUbzogPHNpcDp2b2kxODA2MkBzaXAuY3liZXJjaXR5LmRrPjt0YWc9MDAtMDQwODktMTcwMWI2ODMtMThlYzGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470474627370,"flow_src_last_pkt_time":1120470474627370,"flow_dst_last_pkt_time":1120470474627370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470474627370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_src_last_pkt_time":1120470474627370,"flow_dst_last_pkt_time":1120470474627370,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470474627370,"pkt":"ADBUADRWAODtAW69CABFAABIa2MAAIARS+7AqAECwKgBAQrlADUANLH1d+oBgAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -1186,7 +1186,7 @@
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470490640835,"flow_src_last_pkt_time":1120470490640835,"flow_dst_last_pkt_time":1120470490640835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470490640835,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_src_last_pkt_time":1120470490640835,"flow_dst_last_pkt_time":1120470490640835,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470490640835,"pkt":"ADBUADRWAODlAW69CABFAABEa2cAAIARS+7AqAECwKgBAQrmADUAMMHtYusAAAABAAAA6QAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470490640835,"flow_src_last_pkt_time":1120470490640835,"flow_dst_last_pkt_time":1120470490640835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470490640835,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":440,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_usec":1120470490642320}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470490642320,"packet_id":440,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_usec":1120470490642320}
00428{"packet_event_id":1,"packet_event_name":"packet","packet_id":440,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_usec":1120470490640835,"pkt":"AJLtAW69ADBUADRWCABFAABbAABADUARtz7AqAEBwKgBAgA1CuYAR6QBYuuAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470490782704,"flow_src_last_pkt_time":1120470490782704,"flow_dst_last_pkt_time":1120470490782704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470490782704,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01158{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_src_last_pkt_time":1120470490782704,"flow_dst_last_pkt_time":1120470490782704,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_usec":1120470490782704,"pkt":"AODtAW69ADBUADRWCABFAAIBAABAADcRiizU8iEjwCVzABPEE8QB7RaaU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA3OCBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9M2EyZDBkYw0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0NC5kaz47dGFnPTAwLTk0JXMALTE3MDFiNmFiLTEzOTM1YzgzNA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyYWNlaXZlZD04MC4yMzAuMjE5cjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5SEc0YktucDYxMDAxODczLTQzYmViWWE1MTkyLjE2OC4xLjINCldXVy1BdXRoZW50aWNhdGU6IERpZ2VzdCByZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsbm9mY2U9IjE3MDFiNjliNDdiNTFjNmQ2NmM5ZTQ1MDNjNjc5YzIiLG9wYXF1ZT0iMTcwMWExMzUxZjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aG30TUQ1DQpDb250ZW50Lf5lbmd0aDogMA0KDQo="}
@@ -1197,7 +1197,7 @@
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470492042418,"flow_src_last_pkt_time":1120470492042418,"flow_dst_last_pkt_time":1120470492042418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470492042418,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_src_last_pkt_time":1120470492042418,"flow_dst_last_pkt_time":1120470492042418,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470492042418,"pkt":"ADBUADRWAODtAW69CABFAABIa2oAAIARS+fAqAE1wKgBAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01017{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470492042418,"flow_src_last_pkt_time":1120470492042418,"flow_dst_last_pkt_time":1120470492042418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470492042418,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":445,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470494045299}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470494045299,"packet_id":445,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470494045299}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":445,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470492042418,"pkt":"ADBUADRWAODtAW69CABFAABIayVzAIARS+bAqAECwKgBAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470494127462,"flow_src_last_pkt_time":1120470494127462,"flow_dst_last_pkt_time":1120470494127462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470494127462,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_src_last_pkt_time":1120470494127462,"flow_dst_last_pkt_time":1120470494127462,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120470494127462,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa2wAAIARSuHAqAECwMIB\/wCJAIkAOltkhTcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
@@ -1233,7 +1233,7 @@
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470509449334,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470509449334,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEB8KgBAgA1CugAR8ZmQOyAAABkAAEAAAAAATEBMAEwAzEyNwdpbi1hGmRyBGFycGEAAFcAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470509449334,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-a?dr.arpa","dns": {"num_queries":100,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00220{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":454,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":498,"global_ts_usec":1120470509599796}
00320{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470509599796,"packet_id":454,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":498,"global_ts_usec":1120470509599796}
01000{"packet_event_id":1,"packet_event_name":"packet","packet_id":454,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":532,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":532,"pkt_l4_len":0,"thread_ts_usec":1120470509450894,"pkt":"AODtAW69ADBUADRWCABFAEMGAABAADcRiifU8iEjwKgBAhPEE8QB8vKXU0lQLzIuMCA0MDEgbm9uY2UgaGFzIGNoYW5nZWQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyMjI3MzItNDY2NWQ3NzINCkNTZXE6IDc5IFJFR0lTVEVSDQpGcm9tOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz0zNzBkOGU1DQpUbzogPHNpcDozNTEwNDcyM2pzaXAuY3liZSljaXR5LmRrPjt0YWc9MDAtMDQwODMtMTcwMWI2ZGQtMDUxZjVkYzMxDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNo4uMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTUuNzA7cnBvcnQ9NTA2MDticmFuY2g9ejloRzRiS25wNTc3MjYxOTctNDg0MWM3Y2QxOTIuMTY4LjEuMvQKV1dXLUF1dGhlbnRpY2F0ZTogRGlnZXN0IHJlYWxtPSJzaXAuY3lzZXJjaXR5LmRrIixub25jZT0iMTcwMWI2Y2MxY2JjOTBkMzI4ZmUxZjFhMzFhMmM0ZSIsb3BhcXVlPSIxNzAxYTEzNTFmNzA3OTUiLHN0YWxlPWZhbHNlLGFsZ29yaXRobT1NRDUNCkNvbnRlbnQtTGVuZ3RoOiAwDQoNCg=="}
00738{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470187656855,"flow_src_last_pkt_time":1120470187656855,"flow_dst_last_pkt_time":1120470440137922,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":71,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":71,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":71,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1120470509450894,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":3}
00775{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470456286438,"flow_src_last_pkt_time":1120470456286438,"flow_dst_last_pkt_time":1120470456286438,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470509450894,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1309,7 +1309,7 @@
01031{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00773{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470447197884,"flow_src_last_pkt_time":1120470447197884,"flow_dst_last_pkt_time":1120470447197884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":35721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00742{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470114910372,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470114910372,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":383,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"flow_datalink":1,"flow_max_packets":3}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_usec":1120470636050780}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470636050780,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_usec":1120470636050780}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_usec":1120470590283652,"pkt":"\/\/\/\/\/\/\/\/AODtAW5LCABFAJxOa4EAAIARSszAqAECwKgB\/wCJAIkAOltZhUIBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFTkVPYkFDQUNBekFDQUJNAAAgAAE="}
00817{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470456286438,"flow_src_last_pkt_time":1120470456286438,"flow_dst_last_pkt_time":1120470456286438,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470637551625,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","encrypted":0,"breed":"Unrated"}}
00773{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470456286438,"flow_src_last_pkt_time":1120470456286438,"flow_dst_last_pkt_time":1120470456286438,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470637551625,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1365,7 +1365,7 @@
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_src_last_pkt_time":1120470662812917,"flow_dst_last_pkt_time":1120470658556995,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120470662812917,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMUAAIARWWHAqAEpwKgB\/wCJAIkAOGggkVIBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUM1Q0FDQUNBQ0FDQUJMAAAgAAE="}
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":3,"flow_src_last_pkt_time":1120470663563918,"flow_dst_last_pkt_time":1120470658556995,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120470663563918,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMYAAIARWWDAqAEpwKgB\/wCJAIkAOmggkVIBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJMAAAgAAE="}
00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":3,"flow_src_last_pkt_time":1120470666317940,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1120470666317940,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADKXMcAAIARWOPAqAEpwKgB\/wCKAIoAtl+rEQKRU8CoASkAigCgAAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEQIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAABMAAAAAAAAAAAAEQAABgAAQAAAAAAAAOgDAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTYAM8A"}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":474,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_usec":1120470667069086}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470667069086,"packet_id":474,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_usec":1120470667069086}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":474,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_usec":1120470666318071,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAFJOXMkAAIARWV3A6AEpwKgB\/wCJAIkAOmgdkVUBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJMAAAgAAE="}
00768{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":475,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470457512769,"flow_src_last_pkt_time":1120470465524315,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470666318071,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00767{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":475,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470473526171,"flow_src_last_pkt_time":1120470473526171,"flow_dst_last_pkt_time":1120470473526171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470666318071,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1422,7 +1422,7 @@
01005{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470764674629,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470764674629,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"re-.sippstar.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1120470765675908,"pkt":"AEtUADRWAODtAW69CABFAAA+a5AAAIARS8vAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlZwhzaXC6c3RhcgNjb20AAAEAAQ=="}
01013{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470765675908,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"reg.sip?star.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":492,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_usec":1120470767678785}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470767678785,"packet_id":492,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_usec":1120470767678785}
00390{"packet_event_id":1,"packet_event_name":"packet","packet_id":492,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1120470765675908,"pkt":"ADBUADRWAODtAW69CABFAAA+a5EABGQRS8rAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlZwhzaXBwc3RhcgNjb20AAAEAAQ=="}
00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":3,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1120470768028248,"pkt":"AODtAW69ADBUADRWCABFAACbAABAAGcRtv7AqAEBwKgBAgA1CukAh65F6OyBgAABAAEAAgACA3JlZwhzaXBwc3RhcgNjb20AAAEAAcAMAAEAAQAAAlgABFJi0SfAEAACAAEAAAJYAA8CbnMGaHNwZWVkA25ldADAEAACAAEAAAJYAAYDbnMzwEHAPgABAAEAAAUPAAQ+XcA7wFkAAQABAAAFDwAE1d1SAg=="}
01022{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":493,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470768028248,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"reg.sippstar.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.98.209.39"}}}
@@ -1449,7 +1449,7 @@
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_src_last_pkt_time":1120470776050861,"flow_dst_last_pkt_time":1120470775049884,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1120470776050861,"pkt":"ADBUADRWAODtAW69CABFAAA+a20AAIARS8bAqAECwKgBAQrrADUAKvLQ4u8BAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_src_last_pkt_time":1120470777132420,"flow_dst_last_pkt_time":1120470775129513,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1120470777132420,"pkt":"ADBUADRWAODtAW69CABFAAA+a5YAAIARS8XAqAECwKgBAQrqADUAKnjTXO4BAAABAAAAAAAQA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":3,"flow_src_last_pkt_time":1120470778053706,"flow_dst_last_pkt_time":1120470775049884,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1120470778053706,"pkt":"ADBUADRWAODtAW69CABFAAA+a5cAAIARS8TAqAECwKgBAQrrADUAKvLQ4m8BAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":502,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_usec":1120470779135266}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470779135266,"packet_id":502,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_usec":1120470779135266}
00390{"packet_event_id":1,"packet_event_name":"packet","packet_id":502,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1120470778053706,"pkt":"ADBUADRWAODtAW69CABFAAA+ayVzAIARS8PAqAECwKgBAQrqADUAKnjTXO4BAAABAAAABAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
01022{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":503,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1120470775049884,"flow_src_last_pkt_time":1120470778053706,"flow_dst_last_pkt_time":1120470779408031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1120470779408031,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sip.cybercity.dk","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}}}
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":3,"flow_src_last_pkt_time":1120470777132420,"flow_dst_last_pkt_time":1120470779409951,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":1120470779409951,"pkt":"ACjtAW69ADBUADRWCABFAAByAABAAEARtyfAqAEBwKgBAgA1CuoAXlCmXO6BgAABAAEAAgAAA3NpcAljeWJlcmNpdHkCZGsAAAECAcAMAAEAAQAAASwABNTyISPAEAACAAEAAAEsAAYDbnMywBDAEAACAAEAAAEsAAYDbnMxwBA="}
@@ -1463,7 +1463,7 @@
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1120470781608802,"flow_dst_last_pkt_time":1120470781608802,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120470781608802,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa5wAAIARSrHAqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":3,"flow_src_last_pkt_time":1120470782692043,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470782692043,"pkt":"ADBUADRWAODtAW69CABFAABIa54AAIARS7PAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01145{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470779487018,"flow_src_last_pkt_time":1120470782692043,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470782692043,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":511,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470784796360}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470784796360,"packet_id":511,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470784796360}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":511,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470782692043,"pkt":"ADBUADRWAODtAW69CABFAAB6a58AAIARS7LAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAAJF9zaXAEX3VkcANzaXAJeXliZXJjaXR5AmRrAAAhAAE="}
00918{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":57,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120470782359884,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2842,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470782692043,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00917{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470685610738,"flow_src_last_pkt_time":1120470685610738,"flow_dst_last_pkt_time":1120470685610738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470782692043,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
@@ -1479,7 +1479,7 @@
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470796941095,"flow_src_last_pkt_time":1120470796941095,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":482,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":482,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":482,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470796941095,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_src_last_pkt_time":1120470796941095,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"thread_ts_usec":1120470796941095,"pkt":"AODtAW69ADBUADRWCABFAAH+AABAADcRii\/U8iEjwKgBAhPEE8QB6uoyU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiAyOTg1ODE0Ny00NjViMDc1MkAyOTg1ODA1MS00NjViMDdiMg0KQ1NlcTogMSBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MWI4OWJjZA0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTAwLTA0MDcyLTE3MDFiOTQxLTc3OTk0NTg0Mw0iVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyZWNlaXZlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbmPYPWM5aEc0YktucCVzADc0Njg2LTQ1NWRiYmQ5MTkyLjE2OC4xLjINCldXYy1BdXRoZW50aWNhdGU6IERpZ2VzdCByZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsbm9uY2U9IjE3MDFiOTMzM2U4NzEzMmUxZjc0N2M1MDcyNjNkOTMiLG9wYXF1ZT0iMTcwMWExMzUxZjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aG09TUQ1DQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
00876{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470796941095,"flow_src_last_pkt_time":1120470796941095,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":482,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":482,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":482,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470796941095,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":517,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470797172479}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470797172479,"packet_id":517,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470797172479}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":517,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470796941095,"pkt":"ADBUADRWAODtAW69CABFAACBa6MAAIARSyVzAAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXB0Y3liZXJjaXR5AmRrAAAhAAE="}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470798172728,"flow_src_last_pkt_time":1120470798172728,"flow_dst_last_pkt_time":1120470798172728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470798172728,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_src_last_pkt_time":1120470798172728,"flow_dst_last_pkt_time":1120470798172728,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470798172728,"pkt":"ADBUABRUAODtAW69CABFAABIa6QAAIARS63AqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -1489,7 +1489,7 @@
00737{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":519,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470301328331,"flow_src_last_pkt_time":1120470301328331,"flow_dst_last_pkt_time":1120470301328331,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470798172728,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":127,"flow_datalink":1,"flow_max_packets":3}
00746{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":519,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120469635127552,"flow_src_last_pkt_time":1120470796804243,"flow_dst_last_pkt_time":1120469635127552,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":601,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470798172728,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":2,"flow_src_last_pkt_time":1120470800175618,"flow_dst_last_pkt_time":1120470798172728,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470800175618,"pkt":"ADBUADRWAODtAW69CABFAABIa6UAAIARS6zAqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":520,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2167,"global_ts_usec":1120470802178510}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470802178510,"packet_id":520,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2167,"global_ts_usec":1120470802178510}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":520,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2167,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470800175618,"pkt":"ADBUADRWAODtAW69CHdFAABIa6YAAIARS6vAqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEXyVzAANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":3,"flow_src_last_pkt_time":1120470806184239,"flow_dst_last_pkt_time":1120470798172728,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470806184239,"pkt":"ADBUADRWAODtAW69CABFAABIa6cAAIARS6rAqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814186350,"flow_src_last_pkt_time":1120470814186350,"flow_dst_last_pkt_time":1120470814186350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470814186350,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1508,7 +1508,7 @@
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":3,"flow_src_last_pkt_time":1120470817390327,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470817390327,"pkt":"ADBUADRWAODtAW69CABFAABIa6wAAIARS6XAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470819393226,"flow_src_last_pkt_time":1120470819393226,"flow_dst_last_pkt_time":1120470819393226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_src_last_pkt_time":1120470819393226,"flow_dst_last_pkt_time":1120470819393226,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":17,"thread_ts_usec":1120470819393226,"pkt":"ADBUADRWAODtAW69CABFAAAlcwAAAIARS6TAqAECwKgBAQrwABUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3libXJjaXR5AmRrAAAhAAE="}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":531,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_usec":1120470823399176}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470823399176,"packet_id":531,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_usec":1120470823399176}
00403{"packet_event_id":1,"packet_event_name":"packet","packet_id":531,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":9587,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470819393226,"pkt":"ADBUADRWAODtAW69JXMAAABIa64AAIARS6PAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00738{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470187656855,"flow_src_last_pkt_time":1120470187656855,"flow_dst_last_pkt_time":1120470440137922,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":71,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":71,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":71,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":3}
00918{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470717078746,"flow_src_last_pkt_time":1120470717078746,"flow_dst_last_pkt_time":1120470717080389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":548,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":548,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -1555,7 +1555,7 @@
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470848643645,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470848643645,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_src_last_pkt_time":1120470848643645,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470848643645,"pkt":"ADBUADRWAODtAW69CABFAABIW7sAAIARS5bAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01016{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470848643645,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470848643645,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00199{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":551,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1120470848686860}
00299{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470848686860,"packet_id":551,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1120470848686860}
00801{"packet_event_id":1,"packet_event_name":"packet","packet_id":551,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":382,"pkt_l4_len":0,"thread_ts_usec":1120470848682926,"pkt":"ADBUADRWAODtAW69CAA\/AAFwa7wAAIARFgHAeQEC1PIhIxPEE8QBXMMEQUNLIHNpcDowMDk3MjM5Mjg3MDQ0QHNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KRnJvbTogImFyaWsiIDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTE3NWExZGQNbENhbGwtSUQ6IDI0NDg3MzkxLTQ0OWJmMmEwQDE5Mi4xNjguMS4yDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNjguMS4yOjUwNjA7YnJhbmNoPXo5aEc0YktucDI0NDY2NDAyLTQ1ZGM2MWQ1MTkyLjE2OC4xLjI7cnBvcnQNClRvOiA8c2lwOjAwOTcyMzkyODcwNDRAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTBMLTA0JXMALTE3MDFiOWEwLTEzYzkyYTY3Mg0KQ1NlcTogMSBBQ0sNCkNvbnRlbnQtTGVuZ3RoOiAwDQoNCg=="}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":2,"flow_src_last_pkt_time":1120470849636660,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470849636660,"pkt":"ADBUADRWAODtAW69CABFAABIa70AAIARS5TAqAECwKgBAQr0ADUANOq3JXMAAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJj6XR5AmRrAAAhAAE="}
01024{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470849636660,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyberc?ty.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -1568,9 +1568,9 @@
00770{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470798172728,"flow_src_last_pkt_time":1120470806184239,"flow_dst_last_pkt_time":1120470798172728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":3,"flow_src_last_pkt_time":1120470851639615,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470851639615,"pkt":"ADBUADRWAODtAW69CABFAABIa74AAIARS5PAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01025{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470851639615,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470851639615,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":554,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2136,"global_ts_usec":1120470853642421}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470853642421,"packet_id":554,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2136,"global_ts_usec":1120470853642421}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":554,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2136,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470851639615,"pkt":"ADBUADRWAODtAW69CFhFAABIa78AAIARS5LAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAET3VkcANzaXAJY3liZXJjaXR5AuRrAFchAAE="}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":555,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470857648279}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470857648279,"packet_id":555,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470857648279}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":555,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470851639615,"pkt":"ADBUADRWAODtAW69CABFAABJa8QAAIARS43AqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00917{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470670573723,"flow_src_last_pkt_time":1120470670573723,"flow_dst_last_pkt_time":1120470670573723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470851639615,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865650089,"flow_src_last_pkt_time":1120470865650089,"flow_dst_last_pkt_time":1120470865650089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470865650089,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2805,"dst_port":51,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1599,7 +1599,7 @@
00769{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814186350,"flow_src_last_pkt_time":1120470814186350,"flow_dst_last_pkt_time":1120470814186350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00913{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814187906,"flow_src_last_pkt_time":1120470814187906,"flow_dst_last_pkt_time":1120470814187906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00770{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470814334275,"flow_src_last_pkt_time":1120470817390327,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":568,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2056,"global_ts_usec":1120470882724943}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470882724943,"packet_id":568,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2056,"global_ts_usec":1120470882724943}
00398{"packet_event_id":1,"packet_event_name":"packet","packet_id":568,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":82,"pkt_type":2056,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"thread_ts_usec":1120470877496686,"pkt":"ADBUADRWAODtAW69CAhFAABEa88AAIARS4bCqAECwKgBAQr3ADUAMHGrsxwAAAABAAAAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470882726443,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470882726443,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvcAR1QnsxyAAAABAAEAAAAAASVzAAEwAzEyNwdpbi1hZGRyBGF2cGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
@@ -1621,7 +1621,7 @@
00771{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470788806482,"flow_src_last_pkt_time":1120470788806482,"flow_dst_last_pkt_time":1120470788806482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470885848866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01033{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470885848866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00770{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470832512194,"flow_src_last_pkt_time":1120470840523569,"flow_dst_last_pkt_time":1120470832512194,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470885848866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43392,"global_ts_usec":1120470887851669}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470887851669,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43392,"global_ts_usec":1120470887851669}
00404{"packet_event_id":1,"packet_event_name":"packet","packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43392,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470885848866,"pkt":"ADBUADRWAODtAW69qYBFAABI\/dQAAIARS33AqAECwKgBAXP4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaWJ5AmRrAAAhAAE="}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470891857378,"flow_src_last_pkt_time":1120470891857378,"flow_dst_last_pkt_time":1120470891857378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470891857378,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_src_last_pkt_time":1120470891857378,"flow_dst_last_pkt_time":1120470891857378,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470891857378,"pkt":"ADBUADRWAODtAW69CABFAABIa1YAAIARS3zAqAECwKgBAUr4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -1661,9 +1661,9 @@
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470916875212,"flow_src_last_pkt_time":1120470916875212,"flow_dst_last_pkt_time":1120470916875212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470916875212,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_src_last_pkt_time":1120470916875212,"flow_dst_last_pkt_time":1120470916875212,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470916875212,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqOkBwKgBAgA1CvsAR689eAKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
01013{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470916875212,"flow_src_last_pkt_time":1120470916875212,"flow_dst_last_pkt_time":1120470916875212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470916875212,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":591,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470916876463}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470916876463,"packet_id":591,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470916876463}
00351{"packet_event_id":1,"packet_event_name":"packet","packet_id":591,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_usec":1120470916875212,"pkt":"ADBUADRWAODtAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":592,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_usec":1120470923515411}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470923515411,"packet_id":592,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_usec":1120470923515411}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":592,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":3072,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_usec":1120470916875212,"pkt":"\/\/\/\/\/\/\/\/AODtAW4zDABFAABOa+AAAIARSm3AqAECwKgB\/wCJAIkAOltBhVoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470924263958,"flow_src_last_pkt_time":1120470924263958,"flow_dst_last_pkt_time":1120470924263958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470924263958,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_src_last_pkt_time":1120470924263958,"flow_dst_last_pkt_time":1120470924263958,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120470924263958,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa+EAAIARSmzAqAECwKgB\/wCJA4kAOltBhVoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVIQ0FDQUNBQ0FDQUJNAAAgAAE="}
@@ -1683,7 +1683,7 @@
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":2,"flow_src_last_pkt_time":1120470950421611,"flow_dst_last_pkt_time":1120470949427890,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470950421611,"pkt":"ADBUADRWAODtAW49CABFAABIa+QAAIARS23AqAECwKgBAQr8ADUANNjGUZgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01024{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":596,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470949427890,"flow_src_last_pkt_time":1120470950421611,"flow_dst_last_pkt_time":1120470949427890,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470950421611,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":3,"flow_src_last_pkt_time":1120470952424495,"flow_dst_last_pkt_time":1120470949427890,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470952424495,"pkt":"ADBUADRWAODtAW69CABFAABIa+UAAIARS2zAqAECwKgBAQr8ADUANNjGUQIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":598,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470954427379}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470954427379,"packet_id":598,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470954427379}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":598,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470952424495,"pkt":"ADBUADRWAODtAW69CABFAABIa+YAEIARS6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00913{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00769{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470774132541,"flow_src_last_pkt_time":1120470774132541,"flow_dst_last_pkt_time":1120470774132541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1717,23 +1717,23 @@
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470966440815,"flow_src_last_pkt_time":1120470966440815,"flow_dst_last_pkt_time":1120470966440815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470966440815,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_src_last_pkt_time":1120470966440815,"flow_dst_last_pkt_time":1120470966440815,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470966440815,"pkt":"ADBUADRWAODtAW69CABFAABEa+gAAIARS23AqAECwKgBAQr9ADUAMIS+oAMAAAABAAAAAAAAATEBMAEwEzEyNwdpbi1hZGByBGFycGEAAAwAAQ=="}
01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470966440815,"flow_src_last_pkt_time":1120470966440815,"flow_dst_last_pkt_time":1120470966440815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470966440815,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127?in-ad_r?arpa???","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":601,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_usec":1120470966442326}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470966442326,"packet_id":601,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_usec":1120470966442326}
00428{"packet_event_id":1,"packet_event_name":"packet","packet_id":601,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_usec":1120470966440815,"pkt":"AJrtBW69ADBUADRWCABFAJFbeQBAAEARtz7AqAEBwKgBAgA1Cv0AR2c6oAOAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGTyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00220{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":602,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":822,"global_ts_usec":1120470966443914}
00320{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470966443914,"packet_id":602,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":822,"global_ts_usec":1120470966443914}
01433{"packet_event_id":1,"packet_event_name":"packet","packet_id":602,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":856,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":856,"pkt_l4_len":0,"thread_ts_usec":1120470966440815,"pkt":"ADBUADRWAODtAW69CABFAGtKa+kAAIARE\/rAqAEC1PIhIxPEE8QDNtslSU5WSVRFIHNpcDozNTEwNDcyNEBzaXAuY3liZXJraXR5LmRrIFNJUC8yLjANClZpYbcgU0lQLzIuMC9VRFAgMY4yLjE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTE4ODgyOTgtNDQ4ZTM3NzcxOaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470966852771,"flow_src_last_pkt_time":1120470966852771,"flow_dst_last_pkt_time":1120470966852771,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470966852771,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_src_last_pkt_time":1120470966852771,"flow_dst_last_pkt_time":1120470966852771,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470966852771,"pkt":"ADBUADR2AODtAW69CABFAABIa+sAAIARS2bAqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaXAEX3VkcAJzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01110{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470966852771,"flow_src_last_pkt_time":1120470966852771,"flow_dst_last_pkt_time":1120470966852771,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470966852771,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":606,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470967846650}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470967846650,"packet_id":606,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470967846650}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":606,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470966852771,"pkt":"ADBUADRWAODtAW69CABFAABIa+yjAIARS2XAqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":607,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":0,"global_ts_usec":1120470969849552}
00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470969849552,"packet_id":607,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":0,"global_ts_usec":1120470969849552}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":607,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":0,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470966852771,"pkt":"ADBUADRWAODtASVzAABFAABIa+0AAIARS2TAqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABGRzaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":608,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":0,"global_ts_usec":1120470971072344}
00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470971072344,"packet_id":608,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":0,"global_ts_usec":1120470971072344}
00417{"packet_event_id":1,"packet_event_name":"packet","packet_id":608,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":0,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_usec":1120470966852771,"pkt":"\/\/\/\/\/\/\/\/AODtAW69AABFAABOa+4AAIARSl\/AqAECwKgB\/wCJAIkAOlt8hV8BEAABAAAAAAAAIEVGRW9FSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQTVNAAAgAAE="}
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470971822331,"flow_src_last_pkt_time":1120470971822331,"flow_dst_last_pkt_time":1120470971822331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470971822331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_src_last_pkt_time":1120470971822331,"flow_dst_last_pkt_time":1120470971822331,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120470971822331,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa+8AAIARSl7AqAECwKgBJXMAAIkAOls8hV8BEAABAAAAAAAAIUVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00891{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470971822331,"flow_src_last_pkt_time":1120470971822331,"flow_dst_last_pkt_time":1120470971822331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470971822331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":612,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470971852414}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470971852414,"packet_id":612,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470971852414}
00403{"packet_event_id":1,"packet_event_name":"packet","packet_id":612,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470971822331,"pkt":"ADBUADRWAODtAW69CABFAGVIa\/AAAIARS2HAqAECwKgBAQr+ADUANOrBPwUBAAABAAAACAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":2,"flow_src_last_pkt_time":1120470975858171,"flow_dst_last_pkt_time":1120470966852771,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470975858171,"pkt":"ADBUADRWAODtAW69CABFAABIa\/IAAIARS1\/AqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaWIEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01144{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":614,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470966852771,"flow_src_last_pkt_time":1120470975858171,"flow_dst_last_pkt_time":1120470966852771,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470975858171,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sib._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -1757,7 +1757,7 @@
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470983860327,"flow_src_last_pkt_time":1120470983860327,"flow_dst_last_pkt_time":1120470983860327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470983860327,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_src_last_pkt_time":1120470983860327,"flow_dst_last_pkt_time":1120470983860327,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470983860327,"pkt":"ADBUADRWAODtAW69CABFAABEa\/cAAIARS17AqAECwKgBAQr\/ADUAMJu6iQWqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470983860327,"flow_src_last_pkt_time":1120470983860327,"flow_dst_last_pkt_time":1120470983860327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470983860327,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":170,"num_answers":254,"reply_code":10,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":616,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_usec":1120470983861836}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470983861836,"packet_id":616,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_usec":1120470983861836}
00428{"packet_event_id":1,"packet_event_name":"packet","packet_id":616,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_usec":1120470983860327,"pkt":"AODtam69ADBUADRWCABFAABLAABcAEARtz7AqAEBhagBAgA1Cv8AR342iQWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470983999111,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470983999111,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_src_last_pkt_time":1120470983999111,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470983999111,"pkt":"ADBUADRWAODtAW69CABFAABIa\/kAAIARS1jAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABOxzaXAEX3VkcANzaHAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -1784,11 +1784,11 @@
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985511036,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985511036,"pkt":"ADBUADRWAODtAb+9CABFAADIbAQAAIARFm9RqAEC1PIhJHUwncgAtIfqgAhvtgAACdg3lstxlpDplp2cmZ6fkpaRle3n9PTy\/CVzAJKehIeEmJGRl52QlJaX6OOU6JaRlp2cn4WEhZ2RkJeV6WOQnZ6EhJOFh4WFmYWYk7+dkpCQ6u\/qkZ2fmYSYnZ6Rk5OU7OD6+Pbh4PTl+OTo6unl9eXi7f7c1VT\/+uiX6JSUkJCV7uXm\/Obu7pWWkZeW7OPpk5Ofm5+Yk5WV7untlJeSkpeV7+qWkA=="}
00876{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985511036,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":633,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":20992,"global_ts_usec":1120470986363611}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470986363611,"packet_id":633,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":20992,"global_ts_usec":1120470986363611}
00485{"packet_event_id":1,"packet_event_name":"packet","packet_id":633,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":146,"pkt_type":20992,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":146,"pkt_l4_len":0,"thread_ts_usec":1120470985511036,"pkt":"ADBUADRWAODtAW69UgBFAACEbAVoAIARFqPAqAEC9PIhJHUxnckAcCyBgMgABjeWy3FCyQfKXvrGAwAAJMMAAAAJAAAGDIHKAAs3lstxAR0xMTg5NDI5Ny00NDMyYTlmOEAxOTIuMTY4LjEuMgYFU0lQUFMAAIHLAAY3lstxEHNlc3Npb24gc2h1dGRvd24AAAE="}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":3,"flow_src_last_pkt_time":1120470987237142,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470987237142,"pkt":"ADBUADRWAODtAW69CABFAABIbAYAAIARS0vAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVR5AmRrAAAhAAE="}
01025{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470987237142,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470987237142,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":635,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470989238019}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470989238019,"packet_id":635,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470989238019}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":635,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470987237142,"pkt":"ADBUADRWAODtAW69CABFAABIbAdtAIARS07AqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVN5AmRrAAAhAAE="}
00911{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470993243427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00768{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470798172728,"flow_src_last_pkt_time":1120470806184239,"flow_dst_last_pkt_time":1120470798172728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470993243427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1799,13 +1799,13 @@
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471001263229,"flow_src_last_pkt_time":1120471001263229,"flow_dst_last_pkt_time":1120471001263229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":464,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471001263229,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01131{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_src_last_pkt_time":1120471001263229,"flow_dst_last_pkt_time":1120471001263229,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_usec":1120471001263229,"pkt":"ADBUADRWAODtAW69CABFAAHsbDsAAIARFQbAqAEC1OohIxPEE8QB2K3LUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wODg4NjAxNi00NGIxNGZlMzE5Mi4xNjguMS4yO3Jwb3J0DQpGcm9tOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz04Nzk3MWENClRvOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiAyOTg1ODFHNy00NjViMDc1MkAyOTg1ODA1MS00NjViMDdiMnMKQ29udGFjdDogcGVsIDxzaXA6MzUxMDQ3MjNAMTkyLjE2OC4xLjI6NTA2MDtsaW5lPTdkMzY1NThmMzEzNjcwNTE+O2V4cGlyZXM9MTIwMDtxBDAuNTAwDQpFeHBpcmVzOiAxMjAwDQpDU2VxOiA1IFJFR0lTVEVSDQpD\/G50ZW50LUxlbmd0aDogMA0KTWF4LUZvcndhYmRzOiA3MA0KVXNlci1BZ2VudDoiTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuOC41MS4xNg0KDQo="}
00876{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471001263229,"flow_src_last_pkt_time":1120471001263229,"flow_dst_last_pkt_time":1120471001263229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":464,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471001263229,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00220{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":640,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":488,"global_ts_usec":1120471001405003}
00320{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120471001405003,"packet_id":640,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":488,"global_ts_usec":1120471001405003}
00984{"packet_event_id":1,"packet_event_name":"packet","packet_id":640,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":522,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":522,"pkt_l4_len":0,"thread_ts_usec":1120471001263229,"pkt":"AODtAW69ADBUADRWCABFAEH8AABAADcRijHU8iEjwKgBAhPEE8QB6DHXU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiAyOTg1ODE0N4M0NjViMDc1MkAyMTg1ODA1MS00NjViMDdiMg0KQ1MxcTogNSBSRUdJU1RFXw0KRnJvbTogWnNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9ODc5NzFhDQpUbzpqPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MDAtMDQwNzQtMTcwMWJhYzktMWRhYTBiNGM1DQpWaWE6IFNJJXMALjAvVURQIDE5Mi4xNjguMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTkuNzA7cnBvcnQ9NTA2MDticmFuY2g9ejloRzRiS25wODg4NjAxNi00NGIxNGZlMzE5Mi4xNjguMS4yDQpXV1ctQXV0aGVudGljYXRlOiBEaWdlc3QgcmVhbG09InNpcC5jeWJlcmNpdHkuZGsiLG5vbmNlPSIxNzAxYmFiZDJhZDY3JXMANWU2ZDZiZjE1NDQyYSVzACxvcGFxdWU9IjE3MDFhMTM1MWY3MDc5NSIsc3RhbGU9ZmFsc2UsYWxnb3JpdGhtPU1ENQ0KQ29udGVuLy1MZW5ndGg6IDANCg0K"}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471001714162,"flow_src_last_pkt_time":1120471001714162,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471001714162,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_src_last_pkt_time":1120471001714162,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471001714162,"pkt":"ADBUADRWAODtAW69CABFAABIbDwAAIARSxXAqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01016{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471001714162,"flow_src_last_pkt_time":1120471001714162,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471001714162,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":2,"flow_src_last_pkt_time":1120471002706801,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471002706801,"pkt":"ADBUADRWAODtAW69CABFAABIbD8gAIARSxTAqAECwKgBAQsHADUANKe0gjgBAAABAAAAAAAABF9zaXAEXXVkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":643,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120471004709848}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120471004709848,"packet_id":643,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120471004709848}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":643,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120471002706801,"pkt":"ALlUADRWAODtAW69CABFAABIbD4Au4ARSxNYqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":3,"flow_src_last_pkt_time":1120471006712546,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471006712546,"pkt":"ADBUADRWAODtAW69CABFAABIbEcAAIARSwrAqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAApAAE="}
01025{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":644,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120471001714162,"flow_src_last_pkt_time":1120471006712546,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471006712546,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":41,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -1840,7 +1840,7 @@
01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471018720186,"flow_src_last_pkt_time":1120471018720186,"flow_dst_last_pkt_time":1120471018720186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471018720186,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_src_last_pkt_time":1120471018720186,"flow_dst_last_pkt_time":1120471018721702,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120471018721702,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CwgAR8InDQuAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAgQAAJxAACwlsb2NhbGhvc3QA"}
01023{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":647,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120471018720186,"flow_src_last_pkt_time":1120471018720186,"flow_dst_last_pkt_time":1120471018721702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471018721702,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}}
00220{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":649,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":308,"global_ts_usec":1120471018870717}
00320{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120471018870717,"packet_id":649,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":308,"global_ts_usec":1120471018870717}
00744{"packet_event_id":1,"packet_event_name":"packet","packet_id":649,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":342,"pkt_l4_len":0,"thread_ts_usec":1120471018723316,"pkt":"AODtAW69ADBUADRWCABFAAFIAABACDcRiuXU8iEjwKgBAhPEE8QBNCHFU0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiAyOTg1ODE0qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471019307986,"flow_src_last_pkt_time":1120471019307986,"flow_dst_last_pkt_time":1120471019307986,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471019307986,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_src_last_pkt_time":1120471019307986,"flow_dst_last_pkt_time":1120471019307986,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471019307986,"pkt":"ADBUADRWAODtAW69CABFAABIbEwAAIARSwXAqAECwKgBAQsJADUANMyuXQ0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -1886,12 +1886,12 @@
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471049334155,"flow_src_last_pkt_time":1120471049334155,"flow_dst_last_pkt_time":1120471049334155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471049334155,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_src_last_pkt_time":1120471049334155,"flow_dst_last_pkt_time":1120471049334155,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471049334155,"pkt":"ADBUADRWAODtAW69CABFAABIbFcAAIARSvrAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaU15Alb4AAAhAAE="}
01016{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471049334155,"flow_src_last_pkt_time":1120471049334155,"flow_dst_last_pkt_time":1120471049334155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471049334155,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercimy.v?","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":667,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18432,"global_ts_usec":1120471051336804}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120471051336804,"packet_id":667,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18432,"global_ts_usec":1120471051336804}
00403{"packet_event_id":1,"packet_event_name":"packet","packet_id":667,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":18432,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120471049334155,"pkt":"ADBUADRWAODtAW69SABFAABIbFgAAIARQvnAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471053339683,"flow_src_last_pkt_time":1120471053339683,"flow_dst_last_pkt_time":1120471053339683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471053339683,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_src_last_pkt_time":1120471053339683,"flow_dst_last_pkt_time":1120471053339683,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471053339683,"pkt":"ADBUADRWAODtAW69CABFAABIbFkAAIARSvjAqAECwKoBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJj8XR5AmRrAAAhAAE="}
01016{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471053339683,"flow_src_last_pkt_time":1120471053339683,"flow_dst_last_pkt_time":1120471053339683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471053339683,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyberc?ty.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00199{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":669,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1120471057345430}
00299{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120471057345430,"packet_id":669,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1120471057345430}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":669,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120471053339683,"pkt":"ADBcADRHAODtAW69CABgAABIbFoAAIARSvfAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liRXdjaXR5AmRrAAAhgAE="}
00778{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470442140675,"flow_src_last_pkt_time":1120470442140675,"flow_dst_last_pkt_time":1120470442140675,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471053339683,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":19,"ndpi": {"proto":"Unknown","proto_id":"0","encrypted":0,"breed":"Unrated"}}
00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470442140675,"flow_src_last_pkt_time":1120470442140675,"flow_dst_last_pkt_time":1120470442140675,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471053339683,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":19,"flow_datalink":1,"flow_max_packets":3}
@@ -1935,7 +1935,7 @@
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_src_last_pkt_time":1120471077370875,"flow_dst_last_pkt_time":1120471077370875,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471077370875,"pkt":"ADBUADRWAODtAW69CABFAABIbGAAAIARSvHAqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
01016{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471077370875,"flow_src_last_pkt_time":1120471077370875,"flow_dst_last_pkt_time":1120471077370875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471077370875,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":2,"flow_src_last_pkt_time":1120471078365594,"flow_dst_last_pkt_time":1120471077370875,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471078365594,"pkt":"ADBUADRWAODtAW69CABFAABIbGEAAIARSvDAqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":678,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120471080368465}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120471080368465,"packet_id":678,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120471080368465}
00403{"packet_event_id":1,"packet_event_name":"packet","packet_id":678,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120471078365594,"pkt":"ADBUADRWAODtAW69CABFAABjbGIAAIARSu\/AqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3muZXJjaXR5AmRrAAAhAAE="}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471082371572,"flow_src_last_pkt_time":1120471082371572,"flow_dst_last_pkt_time":1120471082371572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471082371572,"l3_proto":"ip4","src_ip":"192.168.54.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_src_last_pkt_time":1120471082371572,"flow_dst_last_pkt_time":1120471082371572,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471082371572,"pkt":"ADBUADRWAODtAW69CABFAABIbGMAAIARSu7AqDYCwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcCVzAHAJY2liZXJjaXR5AmRrAAAhAAE="}
@@ -1983,7 +1983,7 @@
00767{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470908872202,"flow_src_last_pkt_time":1120470908872202,"flow_dst_last_pkt_time":1120470908872202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"128.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00771{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471048339111,"flow_src_last_pkt_time":1120471048339111,"flow_dst_last_pkt_time":1120471048339111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.114","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00769{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471049334155,"flow_src_last_pkt_time":1120471049334155,"flow_dst_last_pkt_time":1120471049334155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00219{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120471106433431}
00319{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120471106433431,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120471106433431}
00402{"packet_event_id":1,"packet_event_name":"packet","packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120471094413365,"pkt":"ADBUADRWAODtAW69CABFAABIbG4A3oARSuPAqAECwKgBAQsQJXMANDd+8jYBAFEBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471107427770,"flow_src_last_pkt_time":1120471107427770,"flow_dst_last_pkt_time":1120471107427770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_src_last_pkt_time":1120471107427770,"flow_dst_last_pkt_time":1120471107427770,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471107427770,"pkt":"ADBUADRWAODtAW69CABFAABIbJIAAIARSuLAqAECwKgBAQsQADUANDd+8jYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -2085,6 +2085,6 @@
~~ total memory freed........: 6533958 bytes
~~ total allocations/frees...: 124910/124910
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 203 chars
~~ json string min len.......: 303 chars
~~ json string max len.......: 2261 chars
~~ json string avg len.......: 1232 chars
~~ json string avg len.......: 1282 chars


@@ -1,12 +1,12 @@
00501{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1031854484481540}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_usec":1031854484481540}
00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031854484481540,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_usec":1031854484481540}
00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2304,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1031854484481540,"pkt":"CAAgsl17AFCLk5N8CQBFAAAo8EpAAIAGrEqsFAMFrBQDDQooAFDkFf3+yWv\/bVARIal6iQAABIGD1GDD"}
00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854484481558,"flow_src_last_pkt_time":1031854484481558,"flow_dst_last_pkt_time":1031854484481558,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854484481558,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1031854484481558,"flow_dst_last_pkt_time":1031854484481558,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1031854484481558,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKVAAEAGF\/CsFAMNrBQDBQBQCijJa\/9t5BX9\/1AQgywZBgAA"}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1031854484481933,"flow_dst_last_pkt_time":1031854484481558,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1031854484481933,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKZAAEAGF++sFAMNrBQDBQBQCijJa\/9t5BX9\/1ARgywZBQAA"}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1031854484481933,"flow_dst_last_pkt_time":1031854484482142,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1031854484482142,"pkt":"CAAgsl17AFCLk5N8CABFAAAo8UpAAIAGq0qsFAMFrBQDDQooAFDkFf3\/yWv\/blAQIal6iAAABIGD1GDD"}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2246,"global_ts_usec":1031854488666650}
00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031854488666650,"packet_id":5,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2246,"global_ts_usec":1031854488666650}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2246,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1031854484482142,"pkt":"CAAgsl17AFCLk5J8CMZFAAAs9EpAAIAGqEasFAMFrBQDDQopAFDkS6qJAAAAACUCMACAnQAAuAQFtGBh"}
00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854488666676,"flow_src_last_pkt_time":1031854488666676,"flow_dst_last_pkt_time":1031854488666676,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854488666676,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1031854488666676,"flow_dst_last_pkt_time":1031854488666676,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1031854488666676,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxKdAAEAGF+qsFAMNrBQDBQBQCinJpw1U5EuqimASgyxGZAAAAgQFtA=="}
@@ -17,7 +17,7 @@
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1031854488668075,"flow_dst_last_pkt_time":1031854488668075,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1031854488668075,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKhAAEAGF+2sFAMNrBQDBQBRCinJpw1V5EuwPlAQgyxYbQAA"}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854488668094,"flow_src_last_pkt_time":1031854488668094,"flow_dst_last_pkt_time":1031854488668094,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854488668094,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1031854488668094,"flow_dst_last_pkt_time":1031854488668094,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1031854488668094,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKlAAEAGJXMAFAMNrBQDBQBQCinJpw1V5Eu18lAQgyxSuQAA"}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":15,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":21760,"global_ts_usec":1031854488923980}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031854488923980,"packet_id":15,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":21760,"global_ts_usec":1031854488923980}
00614{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":243,"pkt_type":21760,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":243,"pkt_l4_len":0,"thread_ts_usec":1031854488771624,"pkt":"AFCLk5N8CAAgsl17VQBFAADlxKtAAEAGFy2sFAMNrBQDBQBQCinLpw1V5EvBTVAYgyzwBgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXL+IFJlc2luLzIuMMsxDQpDb2509m50LVR5cGU6IGFwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA0NQ0KRGF0ZTogVGh1LCAxMiBTZXAgMjAwMiAxODoxNDo0OCBHTVQNCg0KjIGYMS05YmEwAI2QkoCLMTg5MzAwQGdl\/WTHMi5tb2JpbGl0eWxhYi5uZXQA"}
00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854489004849,"flow_src_last_pkt_time":1031854489004849,"flow_dst_last_pkt_time":1031854489004849,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854489004849,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1031854489004849,"flow_dst_last_pkt_time":1031854489004849,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1031854489004849,"pkt":"AFCLk5N8CAAgsl17CABFAAAwxKxAAEAGF+GsFAMNrBQDBc+MAFDJtOyOAAAAAHACgywbmAAAAQEEiQIEBbQ="}
@@ -32,7 +32,7 @@
01098{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1031854489131959,"flow_dst_last_pkt_time":1031854489131959,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":481,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":481,"pkt_l4_len":447,"thread_ts_usec":1031854489131959,"pkt":"CAAgsl17AFCLk5N8CABFAAHT\/0pAAIAGm5+sBgMFrBQDDQBQz4zkTZr1ybTxE1AYHbTqTgAAPD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+CjxwYXA+CiAgPHB1c2gtcmVzcG9uc2UgcnVzaC1pZD0iMTg5MzAxXzEwMzE4NTQ0ODg5OTdfMTAzOEBnZWNkczIubW9iaWxpdHlsYWIubmV0IiBzZW5kZXKtYWRkcmVzcz0iaHR0cDovL2xtY21vbGYud2FwbWF0aWMuZGUiIHNlbmRlcuRuYW1lPSJ3Z3A0IiByZXBseS2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854495447092,"flow_src_last_pkt_time":1031854495447092,"flow_dst_last_pkt_time":1031854495447092,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854495447092,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1031854495447092,"flow_dst_last_pkt_time":1031854495447092,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1031854495447092,"pkt":"CAAgsl17AFCLk5N8CABFAAAsB0tAAIAGlUasFAMFrBUDDQoqAFDkZMdqAADsAGACIABjogAAAgQFtFQI"}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":34,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2177,"global_ts_usec":1031854495447119}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031854495447119,"packet_id":34,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2177,"global_ts_usec":1031854495447119}
00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":34,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":2177,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_usec":1031854495447092,"pkt":"AFCLk5N8CAAgsl17CIFFAAAsxLVAAEAGF9ysFAMNTBQDBQBQCirJ0lLg5GTHa2ASgywbsgAAAgQFtA=="}
00741{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854495447303,"flow_src_last_pkt_time":1031854495447303,"flow_dst_last_pkt_time":1031854495447303,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854495447303,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1031854495447303,"flow_dst_last_pkt_time":1031854495447303,"flow_idle_time":620000000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1031854495447303,"pkt":"CAAgskZ7AFCLk5N8CABFAAAoCKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
@@ -61,7 +61,7 @@
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1031854532142258,"flow_dst_last_pkt_time":1031854532142303,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1031854532142303,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMFAAEAGF9CsFAMNrBQDBQBQCizKXurZ5OatpWASgyxkbgAAAgQFtA=="}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1031854532142486,"flow_dst_last_pkt_time":1031854532142303,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1031854532142486,"pkt":"CAAgsl17AFCLk5N8CABFAAAoH0tAAIAGfUqsFAMFrBQDDQosAFDk5q2lyl7q2lAQIjjdHwAAAgQFtGDD"}
01147{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1031854532142258,"flow_src_last_pkt_time":1031854532143032,"flow_dst_last_pkt_time":1031854532142303,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854532143032,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"172.20.3.13","http": {"url":"172.20.3.13\/servlets\/mms?message-id=189001","code":0,"content_type":"","user_agent":"SonyEricssonT68\/R201A"}}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":59136,"global_ts_usec":1031854532143059}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031854532143059,"packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":59136,"global_ts_usec":1031854532143059}
00841{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":413,"pkt_type":59136,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":413,"pkt_l4_len":0,"thread_ts_usec":1031854532143032,"pkt":"CAAgsl17AFCLk5N85wA1AAGPIUtAAIAGeeOsFAMFrBQDDQosAFDk5rNZyl7q2lAYIjgNigAAWXVTdz09IiwiMi1gZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzSXlLQnBCem01c2xPb2RISEE9PSINCkNvb2t6ZTogVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT02QzZENjM2RDZGNkM2Ng0KQ29va2llOiBVc2VyLUlkZW50aXR5LUZvcgRhcmQtbXNpc2RuPTO0MzkzMTM3MzIzNjMxMzAzMTMwMzAzNA0KQ29va2llOiBVc2VyLQlkZW50aXR5LUF1dGhlbnRpY2F0aW9uPUJlYXJlcg0KQ29va2llOiBJcC1BZGRyZXNzPTE5Mi4xNjguMi4yNg0KQ29va2llOiBCZWFyZXItVHlwZT1VRFBdCldBUC1Db25uZWN0aW9uOiBTdGFjay1UeXBlPUNPDQpDb29raWU6IHd0bHMtc2VjdXJpdHktbGV2ZWw9bm9uZVQKDQo="}
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854532143761,"flow_src_last_pkt_time":1031854532143761,"flow_dst_last_pkt_time":1031854532143761,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854532143761,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1031854532143761,"flow_dst_last_pkt_time":1031854532143761,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1031854532143761,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMJAAEAGF9OsFAMNrBREBQBQCizKXura5OazWVAlcwB2dwAA"}
@@ -77,7 +77,7 @@
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854535090106,"flow_src_last_pkt_time":1031854535090106,"flow_dst_last_pkt_time":1031854535090106,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":143,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":143,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854535090106,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1031854535090106,"flow_dst_last_pkt_time":1031854535090106,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_usec":1031854535090106,"pkt":"AFCLk5N8CAAgsl17CABFAAC3xMdAAEAGFz+sFAMNLBQDBQBQCi3KbXHM5PFjO1AYgyyWzgAASFRUUC8xLjEgMjIwIE9LDQpTZXJ2ZXI6IEJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3Zuay53YXAubW1zLW1lc3NhZ2UNCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE4OjFKOjM1IEdNVA0KDQo="}
00892{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854535090106,"flow_src_last_pkt_time":1031854535090106,"flow_dst_last_pkt_time":1031854535090106,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":143,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":143,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854535090106,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
00199{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1031854535294275}
00299{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031854535294275,"packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1031854535294275}
00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1031854535090106,"pkt":"CAAgsl17AFCLk5N8CAAQAAAoKUtAAIAGc0qsFAMFrBQDDQotAFDk8WM7ym1yW1AQIamgfQAAYXRpb24v"}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1031854543322142,"flow_dst_last_pkt_time":1031854495447303,"flow_idle_time":620000000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1031854543322142,"pkt":"AFCLk5N8CAAgsl17CABFAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854543322384,"flow_src_last_pkt_time":1031854543322384,"flow_dst_last_pkt_time":1031854543322384,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854543322384,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -91,7 +91,7 @@
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1031854557802049,"flow_dst_last_pkt_time":1031854557802085,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1031854557802085,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMxAAEAGF8WsFAMNrBQDBQBQCi7KxfhE5UFs9mASgyyW7gAAAgQFtA=="}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1031854557802273,"flow_dst_last_pkt_time":1031854557802085,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1031854557802273,"pkt":"CAAgsl17AFCLk5N8CABFAAAoNktAAIAGZkqsFAMFrBQDDQouAFDlQWz2ysX4RVAQIjgPoAAAAgQFtAAA"}
01125{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1031854557802049,"flow_src_last_pkt_time":1031854557802805,"flow_dst_last_pkt_time":1031854557802085,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854557802805,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"172.20.3.13","http": {"url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}}}
00199{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1031854557899872}
00299{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031854557899872,"packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1031854557899872}
00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_usec":1031854557803574,"pkt":"AFCLk5N8kgAgsl2cCAAlcwAoxM5AAEAGF8esFAMNrBQDBQB+Ci7KxfhF5UF0EVAQgyynkAAA"}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854557975651,"flow_src_last_pkt_time":1031854557975651,"flow_dst_last_pkt_time":1031854557975651,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1460,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854557975651,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1031854557975651,"flow_dst_last_pkt_time":1031854557975651,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1031854557975651,"pkt":"AFCLk5N8CAAgsl17CABFAAXcxM9AAEAGEhKsFAMNrBRIBQBQCi7KxfhF5UF0EVAQg2xUTwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2Zds6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcJVpY2F0aU9uL3ZuZC53YXAubW1zLW1lQnNhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA0MDAzDQpEYXRlOiBEaHUsIDEyI1NlcCAyMDAyIDE4OjEzOjU3IEdNVA0KDQqMhJgxODkzMDEAjZCLMTg5MzAwQGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQAhQQ9gOeoiRmAKzQ5MTcyNjEwMTAwNC9UWVBFPVBMTU4Alys0OTE3MjYxMDEwMDQvVFlQRT1QTE1OAJZSRTogAIqAj4GGgJCAhBuziWFwcGxpY2F0aW9uL3NtaWwAijxBQUHJPgACF5sIFmF1ZGlvL89tcgCFTWVtb18yLmFtcgAjIUFNUgoEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAIAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEYMHXD3zV\/8IgwWAMBAJCE3zKTS6yvWim2AQAaW9MjVBAFq9g49AEG3NPa5xSPjJCwdiuBGBzXCVzANBaejQlAgQt3KzJjOxe+tzME8YEwHMjOLJPC9RhIk1GBGcB9hyMVB+ymov9JgQcc+TIiquQD7ex2a4EwPA8+J0C0fnQHsHIBAJrIB2IKQBtWLyT3gRGCgMIhBG3oPgxOIIEYApux4qh3leJmGFmBAPwbXU1e9R22GaS9AQACnMDejLvmEUFMqwEnXCQ+IVVpDVVYOcgBAMm+YOVuf\/qr8C7EASdBxxFjGX+HDtZYUwEHBnMGjW5n+PI4knwBBsK4SmqTS8eSRtrYAQiJjP5kk8lcwBI1AgEHAoP2II8axveMUxCBBwKU3dDqfCKT69HlgQcGbBpzQqeNOKNF6oEwAEga4ImSmqwxRZQBFAp8rg96cDaFckq\/gRlAdboXdDfSI5Fhs4Eygrc660OMDBW5HaEBBsHdhiinThEsf5noAQbGQJaMx0Ha8dBdkAEbgqMCaJz67tCjYyGBFYKElgduY8Vu4Zy7gQiCozpdU1ad0ULON4ERAcMeDUZFTuMPjUeBCQG2xs90aDTRIjGIgQiCgWIMmeabddj5oQEHBPho51DgcHKVONABDMmMbh6HE7Qii8JIgQxKT03NTDED6MOAHwEACa6M6Mfl1xY4Ih2BG4p2Zgatr88WCLapAQAJndLPeWwjkERZqQEHCkMM4JXinkRKYxyBCMyCApUNjcVUeFBtAQpCgn4gisK1K1VbUYEGQr9sTV75X6826qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
@@ -120,7 +120,7 @@
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1031854562489825,"flow_dst_last_pkt_time":1031854562490275,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1031854562490275,"pkt":"CAAgsl17AFCLk5N8CABFAAAoREtAAIAGWEqsFAMFrBQDDQBQz5DlW6AhyuQuqFAQHdzk2gAAAgQFtG4v"}
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562690442,"flow_src_last_pkt_time":1031854562690442,"flow_dst_last_pkt_time":1031854562690442,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854562690442,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1031854562690442,"flow_dst_last_pkt_time":1031854562690442,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1031854562690442,"pkt":"AFCLk5N8CAAgsl17CABFAAAobNpAAEAGF7usFEMNrBQDBc+QAFDK5C6o5VOhNFAQgyx+pAAA"}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":117,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_usec":1031854565447882}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031854565447882,"packet_id":117,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_usec":1031854565447882}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":117,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3072,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1031854562790415,"pkt":"CAAgsl17AFCLk5N8DABFJXMATUtAAIAGT0asFAMFrBQDDQowAFDlXnSjAABhAGACIAC1aQAAAgQFtCiq"}
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854565447923,"flow_src_last_pkt_time":1031854565447923,"flow_dst_last_pkt_time":1031854565447923,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854565447923,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1031854565447923,"flow_dst_last_pkt_time":1031854565447923,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1031854565447923,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxNxAAEQGF7WsFAMNrBQDBQBQCjDK9pOA5V50pGASgyzztQAAAgQFtA=="}
@@ -210,6 +210,6 @@
~~ total memory freed........: 6118931 bytes
~~ total allocations/frees...: 122054/122054
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 204 chars
~~ json string min len.......: 304 chars
~~ json string max len.......: 2485 chars
~~ json string avg len.......: 1344 chars
~~ json string avg len.......: 1394 chars


@@ -10,7 +10,7 @@
01383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1528996068129675,"flow_dst_last_pkt_time":1528996068129675,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_usec":1528996068129675,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIMdAAP8RAAAKDEAexuIZNXIQBxQClwAAAQsCj4S+BLJeRUI2j+crsJkatvQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUiUAGgkAADghDQM2NwZbIqDkATUwMzExNDgwMjcxNTE2NDgwQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZmMtZGItYjMtMDgtZmYtMTQeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjFkMWEwMjI1YiwgNWIyMmEwZDEvZmM6ZGI6YjM6MDg6ZmY6MTQvMjA1BAasFAEQIA5WWldDMlRlc3RsYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TwoCAgAIFwwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARMVBoQAAAlAAoKU3RhbmQ5cmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAGCESD0ludmFsQmQgVmFsdWUaHQAAOCETFzQwLjgwNDg4JQAtNzQuMTAyODNVVxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVAS3TFDXZx6RcHx5Q8nnMq0Ng=="}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996068129675,"flow_src_last_pkt_time":1528996068129675,"flow_dst_last_pkt_time":1528996068129675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":655,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":655,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":655,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996068129675,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1528996068129675,"flow_dst_last_pkt_time":1528996068284843,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_usec":1528996068284843,"pkt":"ABRP+4rqcNuYVcUnCABFAADz7eFAAPwRZdbG4hk1CgxAHgcUchAA39JxAwsA1+U\/DuIEVKatp1a5Vz8iUQkBNTAzMTE0ODAyNzE1MTY0ODBAd2xhbi5tbmM0ODAubaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528996520702154}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528996520702154,"packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528996520702154}
01284{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_usec":1528996068284843,"pkt":"AAAMqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1528996068129675,"flow_dst_last_pkt_time":1528996520912583,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528996520912583,"pkt":"AFFP+4rqcNuYVcUnCABFAADh9PZAAPwRXtPG4hk1CgxAHgcUchAAzf\/ACwwAxUX8kZJ5SD1GIY9b3TLnaCUBNTAzMTEjODAwNzM2MzgwNzJAd2xhbi5tbmM0MDAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEwZmQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjA2T0oBAgBIFwEAAAEFAACzfR5W9eh2OghNxDwVbojaAgEAABPTIXEVtgAALhLyMDDdAueLAQACCwUAJQD\/wh144KSIGN1E2YBCoTFQEji6recwpo2EGDX0tsWSQ1s="}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996521324807,"flow_src_last_pkt_time":1528996521324807,"flow_dst_last_pkt_time":1528996521324807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996521324807,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -21,19 +21,19 @@
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996603395872,"flow_src_last_pkt_time":1528996603395872,"flow_dst_last_pkt_time":1528996603395872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996603395872,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1528996603395872,"flow_dst_last_pkt_time":1528996603395872,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_usec":1528996603395872,"pkt":"AAAMB6xAABRP+4rqCABFAALbIMpAAP8RAAAKDEAexuIZNXIQBxUCxwAABA4Cv7R7V6BSrXIqRSnri9UTMJ0aCnIAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzABNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0MDAubWNjMzExLjNncHBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWYRQAQP6AAAAAAAAAAAAAAAAAAAAgDlZaV0MyVGVzdExhYhoMAAA3YwEGAAAAAiwgNWIyMmEwZmQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjA2PQYAAAATGjEAAAAJASthdWRpdC1zZXNzaW9uLWlk3TEwZmYxMGFjMDAwMDAwYjJmZWEwMjI1Yi0GAAAAAUAGAAAADUEGAAAABlEENTY3BlsiovsaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXSBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhcnVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QoBgAAAAIqBgFYQ8k0BgAAAAArBpKpaYo1BgAAAAAvBgAD8PkwBgAY5WwxBgAAAAYuBgAAAewpBgAAAAAfE2YwLTc5LTYwLWQxLTdkLTM3HiUwMC1hNy00Mi1kMC1lMC0wMDpWZXJpem9uV2lGaUFjY2RzcxoMAAAFgwcGwFBKmQ=="}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996603395872,"flow_src_last_pkt_time":1528996603395872,"flow_dst_last_pkt_time":1528996603395872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996603395872,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528996603490040}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528996603490040,"packet_id":10,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528996603490040}
00485{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":147,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":147,"pkt_l4_len":0,"thread_ts_usec":1528996603395872,"pkt":"ABRP+4qfcNuYqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
01620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1528996609526996,"flow_dst_last_pkt_time":1528996603395872,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":876,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":876,"pkt_l4_len":842,"thread_ts_usec":1528996609526996,"pkt":"AAAMB6xAABRP+4rqCABFAANeIMtAAP8RAAAKDEAexuIZNXIQBxUDSgAABA8DQohFBlHb2YvdG6PaZMpxlt8aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwATUwMzExFDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmd+CDFjYXNjbwUGAAAACAQGrBQBEAgGrBQBFWEUAED+gAAAAAAAAAAAAAAAAAAAGYhTQlIyQ0zl2aywoICAgICAEYBzAYAUgZ6M7PeDwdzlup3t95Os3O+5mefgAoA7gZiM5pOJ0PCwmaemg8HY6LaZjoiHu7HC7pebreaZ0PCwl5ustpnM4rGXjOz3g8Hc5bqd7feTrNzvuZngEoAOgeXZrLCi7MWgzYCAgICgFZAGgIzA6rWCjCAOVlpXQzJUZXN0TGFiGgwAADdjAQYAAAACLCI1YjIyYTBmZS8wMDo1NjpjZDo2ZDo0Mjo1OS8yMDc9BgAAABMaMQAAAAkBK2F1ZGl0LXNlc3Npb24taWQ9MTBmZjEwYWMwMDAwMDBiM2ZlYTAyMjViLQYAAAABQAYAAAANQQYAAAAGUQQ1Njeqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1528996609526996,"flow_dst_last_pkt_time":1528996609592806,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_usec":1528996609592806,"pkt":"ABRP+4rqcNuYVcUnCABFAACFyc1AAPwRiljG4hk1CgxAHgcVchAAcZmUBQ8AaTuYG1n4ee1Aq0+zAcDNdlwBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3Jrqm9yZywgNWIyMmEwZmUvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjA3"}
00926{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":13,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1528996068129675,"flow_src_last_pkt_time":1528996068129675,"flow_dst_last_pkt_time":1528996521508032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":655,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":655,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":655,"flow_dst_tot_l4_payload_len":688,"midstream":0,"thread_ts_usec":1528996609592806,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00775{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":13,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996521324807,"flow_src_last_pkt_time":1528996521324807,"flow_dst_last_pkt_time":1528996521324807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996609592806,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":13,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":34816,"global_ts_usec":1528996636106908}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528996636106908,"packet_id":13,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":34816,"global_ts_usec":1528996636106908}
01286{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":34816,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_usec":1528996609592806,"pkt":"AAAMB6xAABRP+4rqiABFAALbIMxAAP8RAAAKDEAexuIZNXIQBxQCxwAAARACv7qQ3oRQOi6G4UsAlSEouDAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwdbIqIcATUwMzExNDgwMDczNjM4MDcyQXdsYW4ubW5jNDgwLm1jYzMxMS4zZ3FwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtM7ceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDA4YjYxY2EzMjI1YiwgNWIyMmEzMWM\/ZjA6Nzk6NjA6ZDE6N2Q6MzcvMjExBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAMzIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFSUAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNHY4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjYRoMAAAFgwcGwFBKmVASAmScZx+R57CcOV54IGggHQ=="}
00220{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":15,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_usec":1528996636664502}
00320{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528996636664502,"packet_id":15,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_usec":1528996636664502}
01257{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_usec":1528996636345360,"pkt":"ACAMB6wAABRP+4rqCABFAALHIM1AEP8RAAAKDEA+xuIZNXIQBxQCswAAARECq74dUyV3bJoqzJ\/QFk2VsKcaCiUAV8gOBFVTGgwAAFfIDQZsaWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqMcATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubX5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpRC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjYxY2EzMjI1YiwgNWIyMmEzMWNRZjA6Nzk6NjA6ZDE6N2Q6MzcvMjExBAasFAEQIA5WWldDMlRlc3RMaWIaDAAAN2MBBgAAAAIGBgAAAAIMBgBLBRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAAB6T051twDphk5XQeM2DLlzAwIAIGU7n6gaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN2YW5kYetkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0oC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEuAAmGnGPS3bgZlyWIVRxyA="}
00220{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":16,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_usec":1528996636868007}
00320{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528996636868007,"packet_id":16,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_usec":1528996636868007}
00714{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528996636345360,"pkt":"gBRP+4rqcNuYVcUnCABFAAEw9zBNAPwRXErG4hk1CgxAHgcUchABHM4XAhEBFIZVJWGtUrjkjYJ31AMheaoaCwAAV8gbBVNQQxpuAAABNxA0kHJPpbx8ay85DeRD\/YfvMwI+ldBikhmaYO0o9\/xxLxLcmQJWjN7B7B+dfQVGF8gDCMcRNLOAK5rezWH47eySAtmcrdIo8yMjeGx8MCZsAtT7L4lJowMPwZmfH007sNXtvljXq+BWATUwMzExNGUwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d2+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00199{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":17,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528996641474539}
00299{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528996641474539,"packet_id":17,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528996641474539}
01184{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":671,"pkt_l4_len":0,"thread_ts_usec":1528996636345360,"pkt":"AAAMB6xAABRP+4rqCABaAAKRIM5AAP8RAAAKDEAexuIZNXIQBxUCfQAABBICdf5uAQnl4Bm8CC3G2Muz0doaCgAAV8gOBFVVGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzQBNTAzMTElADAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNnHnBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIsIDViMjJhMzFjL2YwOjc5OjYwOmQxOjdkOjM3LzIxMT0GdgAAExoxAAAACQErYXVkaXQtc2Vzc2kvbi1pZD0xMGZmMTBhYzAwMDAwMGI2MWNhMzIyNWItBgAAAAFABgAAAH5BBgAAAAZRBDU2NwJbIqMhGhQAAFfIBw5WWldDMlRlc3RMYWIa1CoAV8gIBEVUGhAAAFfICwpTdGFuZGFyZBoQAABXyAsKVGVzdCBMYWIaCQAAV8gPAzEaCgAAV8gQBE5KGhEAAFfIEQtMeW5kaHVyc3QaDAAAV8gSBgAAAMkaFwAAV8gdEVZaVyBDMiBUZXN0IExhYhoLAABXyCUFVnpXGg0AADghDgcwNzA3MRoMAAA4IREGAAAAABoVAAA4IRIPSW52YWxpdCBWYWx9ZRodAAA4IRMXNDAuODA0RDgyTi03NC4xMDI4MzlXGgwAADghFAYAAAECGgwAADghFQYAAAACGhUAADghFg9TdGFkaXVtRGlyZWN0KAYAAAABHxNmMC03OS02MC1kMS03ZC0zNx4lMIAtYTctNDItZDAtZTAtMDA6VmVyaXpvbldpRmlBY2Nlc3MaDAAABYMHBsBQSpk="}
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996641548676,"flow_src_last_pkt_time":1528996641548676,"flow_dst_last_pkt_time":1528996641548676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996641548676,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":30764,"dst_port":12344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1528996641548676,"flow_dst_last_pkt_time":1528996641548676,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":50,"pkt_len":147,"pkt_l4_len":97,"thread_ts_usec":1528996641548676,"pkt":"ABRP+4rqcNuYVcUnCABJAACFyrZAAPsRim\/G4hk1CgxAHgcVchAAcXfuBRIAaavjNmx4LDA40fVoWG4z4qoBNTAzMTE0ODAwNjM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBsZXR3b3JrLm9yZywgNWIyMmEzMWMvZjA6Nzk6NjA6ZDE6N2RZMzcvMjEx"}
@@ -46,7 +46,7 @@
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996689402348,"flow_src_last_pkt_time":1528996689402348,"flow_dst_last_pkt_time":1528996689402348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996689402348,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1528996689402348,"flow_dst_last_pkt_time":1528996689402348,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1528996689402348,"pkt":"ABRP+4rqcNuYVcUnCABFAAClbuVAAPwRXCDG4hk1CgxAHgcUclYAkWdmCxcAiQrIitkB1LgR0s5zEPVzzzIBNTAzMTE0dzAyNzg1MDEwMDlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEzNDgvNjQ6YjA6YTY6MGU6YTQ6ZWMvMjEyTw4BAAAMFwwAAHYBf\/xQEjLibctMfYgZSgHqxKHsV1U="}
00881{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996689402348,"flow_src_last_pkt_time":1528996689402348,"flow_dst_last_pkt_time":1528996689402348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996689402348,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00220{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":30,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_usec":1528996689587626}
00320{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528996689587626,"packet_id":30,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_usec":1528996689587626}
00564{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_usec":1528996689524138,"pkt":"ABRP+4rqcNuYVcUnCABFAADA9+klAPwRXAHG4hk1CgxAHgcUchAArPtqAxgApNkk5fehx32PqouJEXUDfwgBNTAzMTE0ODAyNzg1MDEwMDlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEzNDkvNjQ6YjA6YU06uGU6YTQ6ZWMvMjEyeCIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8lAAEABwBQEslNLvLV5rc9WbdNXraRxZQ="}
00928{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1528996068129675,"flow_src_last_pkt_time":1528996689524138,"flow_dst_last_pkt_time":1528996684855270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":655,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":4026,"flow_dst_tot_l4_payload_len":1323,"midstream":0,"thread_ts_usec":1528996689524138,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00927{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1528996603395872,"flow_src_last_pkt_time":1528996609526996,"flow_dst_last_pkt_time":1528996609592806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":834,"flow_dst_max_l4_payload_len":105,"flow_src_tot_l4_payload_len":1537,"flow_dst_tot_l4_payload_len":105,"midstream":0,"thread_ts_usec":1528996689524138,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -54,9 +54,9 @@
00775{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996521324807,"flow_src_last_pkt_time":1528996521324807,"flow_dst_last_pkt_time":1528996521324807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996689524138,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996733156301,"flow_src_last_pkt_time":1528996733156301,"flow_dst_last_pkt_time":1528996733156301,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":109,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996733156301,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1528996733156301,"flow_dst_last_pkt_time":1528996733156301,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":179,"pkt_l4_len":117,"thread_ts_usec":1528996733156301,"pkt":"ABRP+4rqcNuYVcUnCABMBACl+GRAAPwRW6HG4hk1CgxAHgcUchAAkfvBCxkAidYnQnH6\/q3z6sD9\/UzPvYgBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEzN2MvYjA6OWY6YmE6NGE6MGU6N2UvMjEzTw4BAAAxFwwAAAwBf\/xQEj4NW9JYKjnp+Qug4VR6j6U="}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":35,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2050,"global_ts_usec":1528996736535113}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528996736535113,"packet_id":35,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2050,"global_ts_usec":1528996736535113}
01284{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2050,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_usec":1528996733357374,"pkt":"AAAMB6xAABRP+4rqCAJFAALbINdAAP8RAAAKDEAexuIZNXIQBxQCxwAAARsCv2gdiE+D2K4zEaVWxj6b5vAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqOAATUwMzExNDgwMDcxMzk0MzA0QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TYjAtOWYtYmEtNGEtMGUtN2UeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml4b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpVi1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjg3ZGEzMjI1Yiw0NWIyMmEzN2MvYjA6OWY6YmE6NGE6MGU6N2UvMjEzBAasFAEQIA5WWldDMlRlc3QBYWIaDAAAN2MBBgAAAAIGJQAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQBCATAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGm0AAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGXGdCBMYWIaCwAAV8glBVZ6Vxp3AAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5eBoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASdNdxL4DyCHN8UpXdyQsAbg=="}
00220{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":38,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_usec":1528996736804095}
00320{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528996736804095,"packet_id":38,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_usec":1528996736804095}
00565{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_usec":1528996736731564,"pkt":"ABRP+4rqcNuYVcUnCABFAADA+HNBAPwRW3fG4hk1CgxAHgcUchAArIw9AxwApBZ8i1l5y5I6R7UN7fbGLQ0BNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLhNncHBuZXR3b3JrLm9yZywgNWIyMmEzN2PpYjA6OWY6YmE6NGE6MGU6N2UvMjEzEiIzMjc2NCBTdWJzY3JpYmVyJWlvdCBwcm92aXNpb25lZE8HBAEABwBQEhu6bMXdvKMo\/pphwZK5oRM="}
00817{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996521324807,"flow_src_last_pkt_time":1528996521324807,"flow_dst_last_pkt_time":1528996521324807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996740339650,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","encrypted":0,"breed":"Unrated"}}
00773{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996521324807,"flow_src_last_pkt_time":1528996521324807,"flow_dst_last_pkt_time":1528996521324807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996740339650,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -79,7 +79,7 @@
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996990648296,"flow_src_last_pkt_time":1528996990648296,"flow_dst_last_pkt_time":1528996990648296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996990648296,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1528996990648296,"flow_dst_last_pkt_time":1528996990648296,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_usec":1528996990648296,"pkt":"ABRP+4rqcNuYVcUnCABFAACFzqFAAPwRhYTG4hk1CgxAHgcVclAAcSboBSEAaT3FxpV5xYvpMtB7xhdyjsUBNTAzMTE0ODAwNzM2MzgwNzJAd2xhOS5tbmNwODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgJWIyMmEzMWMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjEx"}
00882{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996990648296,"flow_src_last_pkt_time":1528996990648296,"flow_dst_last_pkt_time":1528996990648296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996990648296,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":50,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":9472,"global_ts_usec":1528996997052254}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528996997052254,"packet_id":50,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":9472,"global_ts_usec":1528996997052254}
00712{"packet_event_id":1,"packet_event_name":"packet","packet_id":50,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":9472,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528996996859353,"pkt":"ABRP+4rqcNuYVcUnJQBFAAE4+6JAAPwRV9jG4hk1Cgyqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00919{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996684582288,"flow_src_last_pkt_time":1528996684582288,"flow_dst_last_pkt_time":1528996684582288,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996996859353,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00817{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996733156301,"flow_src_last_pkt_time":1528996733156301,"flow_dst_last_pkt_time":1528996733156301,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":109,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996996859353,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","encrypted":0,"breed":"Unrated"}}
@@ -89,17 +89,17 @@
00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996680808327,"flow_src_last_pkt_time":1528996680808327,"flow_dst_last_pkt_time":1528996680808327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996996859353,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00930{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":12,"flow_first_seen":1528996068129675,"flow_src_last_pkt_time":1528996996859353,"flow_dst_last_pkt_time":1528996996503946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":655,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":8783,"flow_dst_tot_l4_payload_len":2122,"midstream":0,"thread_ts_usec":1528996996859353,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00927{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1528996603395872,"flow_src_last_pkt_time":1528996832079336,"flow_dst_last_pkt_time":1528996609592806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":209,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":834,"flow_dst_max_l4_payload_len":105,"flow_src_tot_l4_payload_len":2009,"flow_dst_tot_l4_payload_len":105,"midstream":0,"thread_ts_usec":1528996996859353,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":52,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2050,"global_ts_usec":1528997003303171}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997003303171,"packet_id":52,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2050,"global_ts_usec":1528997003303171}
00611{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2050,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_usec":1528997003122343,"pkt":"ABRP+4rqcNuYVcUnCAJFAADh+7RAAPwRWBXG4hk1CgxAHgcUchAAzbxOCyQAxZ9vEHep5UhYAk0ZSBfGW2ABNTAzMTE0ODAwcjM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0ODQvZjA6Nzk6NjA6ZDE6N2Q6MjcvMjE1WEoBAgBIFwEAAAEFAAD\/dHhHt8FXBaLd\/Dz8eGsAAgUAALtgmvoL3QAA9ON0yrW1Z\/uLAQACCwUAACkdfnJp8UtH8QraekvpDSFQErTrf98odpcx7aFbGWQ5MZk="}
00220{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":58,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_usec":1528997012338586}
00320{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997012338586,"packet_id":58,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_usec":1528997012338586}
00714{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528997012137776,"pkt":"ABRP+4rqcNuYVcUnCABFAIEw++ZAAPwRV5TG4hk1CgxAHgcUchABHA0JAicBFBsdKAWbpXDSR2MuOEvDRI4aCwAAV8gbBVNQQxpuAAABNxA0owm4HCG6PU2XNAkv\/vzDOB0KCSSyhii6vunR59O76CIKGOYjAfl7PUhdXq\/+IyUA1AERNOgzhBq9cBFTORk8iq5zOGawlRK5SmrzC9CE14BmLSTx9+rzUr5gcK7nljeTYDH3Q7JtAU4wMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNCUALm12YzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNDg0L2YwOjc5OjYwOmQxOjdkOjM3LzIxNVkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJln13lrCrLxGDT3fIxBMmg"}
00925{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1528996603395872,"flow_src_last_pkt_time":1528996832079336,"flow_dst_last_pkt_time":1528996609592806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":209,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":834,"flow_dst_max_l4_payload_len":105,"flow_src_tot_l4_payload_len":2009,"flow_dst_tot_l4_payload_len":105,"midstream":0,"thread_ts_usec":1528997012137776,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
02250{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":59,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1528996068129675,"flow_src_last_pkt_time":1528997019398709,"flow_dst_last_pkt_time":1528997011828903,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":655,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":12258,"flow_dst_tot_l4_payload_len":2595,"midstream":0,"thread_ts_usec":1528997019398709,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":155168,"avg":61128012.0,"max":612411195,"stddev":140850256.0,"var":19838793242640384.0,"ent":2.7,"data": [155168,452627740,595449,114837328,612411195,44261470,205164,4046522,4037802,201918,4553249,187053,43562433,202627,48502104,3244519,3442366,3335821,3536360,209147,201397,255983176,256164296,599645,6262990,492548,7309633,8000538,8015324,522347,7260933]},"pktlen": {"min":165,"avg":492.2,"max":731,"stddev":248.2,"var":61618.1,"ent":4.8,"data": [683,243,225,304,225,731,165,683,165,683,192,731,683,731,683,192,165,683,731,165,683,192,731,225,711,731,711,304,731,225,711,731]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,4,3,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,1,0,1,0,0],"entropies": 
[6.047428131,2.762376308,6.336006641,6.922207832,6.356189251,5.597228050,5.971614838,6.076896191,5.962701321,0.885235786,6.148619175,6.046576977,6.067515373,2.928206921,4.093657970,6.062733173,5.981721401,6.049886227,6.077444077,5.974218369,5.025151253,6.080809116,6.063514709,6.407587528,5.992080212,6.077442646,5.517450333,6.840845585,6.115455151,6.520883560,5.811926842,4.154052258]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00199{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":63,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528997023243075}
00299{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997023243075,"packet_id":63,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528997023243075}
01284{"packet_event_id":1,"packet_event_name":"packet","packet_id":63,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_usec":1528997020091114,"pkt":"AAAMB6xAABRP+4rqCAAHAALbIOZAAP8RAAAKDEAexuIZNXIQBxQC1gAAASoCn1lLG5tNeGgoWBAiZw18BtkaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICVZXSVNQUjEwGgkAADghDQMyNwZbIqSfATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997023501287,"flow_src_last_pkt_time":1528997023501287,"flow_dst_last_pkt_time":1528997023501287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997023501287,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1528997023501287,"flow_dst_last_pkt_time":1528997023501287,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1528997023501287,"pkt":"ABRP+4rqcNuYVcUnCABFAADA\/A1AAPwRV93Gohk1CgxAHgcSchAArGNDAysApImnbffn85ODhNvEVYWJb4QBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5HbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZTA6NWY6NLU6ODA6MDk6NWYvMjE2EiIzMuQ2NCBTdWJzY3JpYmVyIG5vdCBw8m92aXNpb25lZE8HBAEABwBQEhVAqRdhR287TKPkS7q+CkU="}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":71,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":19456,"global_ts_usec":1528997037997389}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997037997389,"packet_id":71,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":19456,"global_ts_usec":1528997037997389}
01286{"packet_event_id":1,"packet_event_name":"packet","packet_id":71,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":19456,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_usec":1528997030088335,"pkt":"AAAMB6xAABRP+4rqTABFAALbIOpAAP8RAAC2DEAexuIZNXIQBxQCxwAAAS4Cv3+VaWYldnjLTxY8VfGmtUsaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqStATUwMzExNDh\/MjgxNTAxNTg5QHdsYW4ubW5jNDgwLm0jYzMxMS4zZ3Bwbm10d29yay5vcmdZAxB+CDVjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmE5ZmE0MjI1YiwgNWIyMmE0OWYvZTA6NWY6NDU6OTA6MDk6NWYvMjE2BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODBtODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXPTTGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAKLIDwMxGgoAAFfIEAROShoRAABXyBELTHluamh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWWqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00923{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":75,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996990648296,"flow_src_last_pkt_time":1528996990648296,"flow_dst_last_pkt_time":1528996990648296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997038253596,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00783{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":75,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996990566774,"flow_src_last_pkt_time":1528996990566774,"flow_dst_last_pkt_time":1528996990566774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997038253596,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -114,18 +114,18 @@
00882{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997050187902,"flow_src_last_pkt_time":1528997050187902,"flow_dst_last_pkt_time":1528997050187902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997050187902,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1528997050187902,"flow_dst_last_pkt_time":1528997050255179,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1528997050255179,"pkt":"ABRP+0\/qcNuYVcUnCABFAACl\/HNAAPwRV4nG4hk+CgxAHgcUchAIkVSXCzIAiQCjJQAe3VyUfsXAQgu9DVIBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZTA6NWY6NDU6OTA6MDk6NWYvMjE2Tw4BAAAMFwwAAAwBf\/xQEnsk2TyvRrElAGPaQu1TGoc="}
01386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1528997050383244,"flow_dst_last_pkt_time":1528997050255179,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_usec":1528997050383244,"pkt":"AAAMD6xAABRP+4rqCABFAAKrtOpAAP8RAAAKDEAexuIZPnIQBxQClwAAATMCj3XAts8pgtMIwokQgS0z6XQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AJQBbCQlXSVNQUjEwGgkAADghDQM1NwZbIqS6ATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjR4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJAStPdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmE5ZmE0MjI1YiwgNWIyMmE0OWYvZTA6NWY6NDU6OTA6MDk6NWYvMjFiBAasFAEQSg5WWldDMlBlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAElBBgAAAAZRBDU2TwoCAAAIFwwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIGRFWWlcgQzIgVGVzdCBMYWIaCyAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDKYAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMzAyODM5VxoMAAA4IRQGAAABAhpYAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASp1PPp6fzyd7h983G\/yoSHA=="}
00220{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":82,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_usec":1528997050448221}
00320{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997050448221,"packet_id":82,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_usec":1528997050448221}
00566{"packet_event_id":1,"packet_event_name":"packet","packet_id":82,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_usec":1528997050383244,"pkt":"ABRP+4rqcNuYVcUnCABFAADA\/Hc3APwRV2rG4hk+CgxAHgcUchAArOXvAzMApAK5\/vK2WJ8qPE8W1U8CkZoBNTAzMTE0ODAyODE1MDE1ODlAd2xhbg5tbmM0ODAu2WNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZSUANWY6NDU6OTA6MDk6tWYXMjE2EiIzMjc2NGFTdWJzY3JpYmVyIG5vdCBwcm92aXdpb25lZE8HwQEABwBQEvaqqqqqqqqqqqqqqqqqqqo="}
00931{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":22,"flow_first_seen":1528996068129675,"flow_src_last_pkt_time":1528997046595194,"flow_dst_last_pkt_time":1528997046860855,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":655,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":16312,"flow_dst_tot_l4_payload_len":3971,"midstream":0,"thread_ts_usec":1528997050383244,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00220{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_usec":1528997104586770}
00320{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997104586770,"packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_usec":1528997104586770}
01284{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_usec":1528997050383244,"pkt":"AAAMB6xAABRP+4rqCABFAALbIO5WAP8RAAAKDEAexuYZNXIQBxQCJQAAATQCv+aa7vRvKm2pJNxjASYcFmMaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqTwATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwXVZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdGZzZTNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmJmMGE0MjI1YiwgNTQyMmE0ZjAvZjA6Nzk6NjA6ZDFCN2Q6MzcvMjE4BAasFAEQIA5WWtdDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAHdBBgAAAAZRBDU2TzoCAQA4ATAzMRI0ODAwNzM2MzgQNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3ThbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgxrALTIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VyXmAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPUnRhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASLJHJyWe9KDtsOLUZd3kW6Q=="}
00220{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":84,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_usec":1528997104799280}
00320{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997104799280,"packet_id":84,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_usec":1528997104799280}
00611{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_usec":1528997050383244,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/QZEAPwRVsPG4hk1CgxAHgcUchAAzQgPCzQAxXtSKpzAf8BNRiUAokr5DysBNTAzMTE0ODAwN542MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncEhuZXR3b3JrLm9yZyyJNWIyMmE0ZjAvZjA6Nzk6NjA6ZDE6N2Q6MzclADE4T0oBAgBIFwEAAAEFAACKcjsVwlSKKOJtGmnEM40WAgUAJQAILZ6MsQAAKZLBCeu2GRuLAQACCwUAAJ\/BcysACZ\/4FKr5Z9ZbwGpQEmbTcy3rfjC83itm2j6DCO4="}
00737{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997105304205,"flow_src_last_pkt_time":1528997105304205,"flow_dst_last_pkt_time":1528997105304205,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997105304205,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":88,"flow_datalink":1,"flow_max_packets":3}
00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1528997105304205,"flow_dst_last_pkt_time":1528997105304205,"flow_idle_time":620000000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_usec":1528997105304205,"pkt":"ABRP+4rqcNuYVcUnCABFAAEw\/QtAAPxYVm\/G4hk1CgxAHgcUchABHIJZAjUBFIVrGSOS1oLndVnFKVWnbGoaCwAAV8gbBVNQQxpuAAABNxA068q45YUN\/fhrVdP8LBtW4SmALFtdsWb5hs7\/8\/9n5+eq0Df0PkMMbrFhe6mwiqYImFERNLWmv3lBPH8LOa+rokyY3FJkdnDDQhSYNRCrOtMioCo5aXrsAAJ6j7Kc6YNqYGU8UqSvASgwMzExNDgwMDczUjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNGYwL2YwOjc5OjYwOmQxOjdkOlk3LzIxOFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJMzhShZ173Q9M6eXZ8hQzE"}
00738{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997109583874,"flow_src_last_pkt_time":1528997109583874,"flow_dst_last_pkt_time":1528997109583874,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":691,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997109583874,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":254,"flow_datalink":1,"flow_max_packets":3}
01424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1528997109583874,"flow_dst_last_pkt_time":1528997109583874,"flow_idle_time":620000000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_usec":1528997109583874,"pkt":"AAAMB6xAABRP+4rqCABFAALHIPFAAP\/+AAAKDEAexuIZNXIQBxQCswAAATcCq5VZOX5pbnkbLCYZ0nqbgzoaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqT1ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZnBwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2JmMGE0MjI1YiwgNWIyMmE0ZjAvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFcwD\/DNAuaveCVbGDkVIwd1IcAwIAIASFDyEaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXiBIGAAAAyRoXAABXUR0RVlpXIEMyIFRlc3QgTGFiGgsAAFdrJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAByOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlJQAaDAAABYMHBsBQSplQElS\/ahHMEatmlfMLiyrCF7k="}
00220{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":92,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_usec":1528997113631938}
00320{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997113631938,"packet_id":92,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_usec":1528997113631938}
00611{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_usec":1528997113424937,"pkt":"ABRP+4rqcNuYVcUnCABFAAvh\/SZAAPwRVqNv4hk1CgxAHgcUchAAzU+kCzgAxaY+TEQIBvIbEM8gxwm8HiEBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNSUAMmE0ZjBKZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE4T0oBAgBIFwEAAAEFAADPr1+7vG3\/htCZ9485+1faAgUAAJ17h25JOQAAmA0tC\/t4G7mLAQACCwUAAM8TNgqzvAoBwPCLdirLFOVQEinOKpiYJ1ox0+WTuvuhy58="}
00776{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":95,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997023501287,"flow_src_last_pkt_time":1528997023501287,"flow_dst_last_pkt_time":1528997023501287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997114153492,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00931{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":95,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":25,"flow_first_seen":1528996068129675,"flow_src_last_pkt_time":1528997113934293,"flow_dst_last_pkt_time":1528997114153492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":655,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":19084,"flow_dst_tot_l4_payload_len":4720,"midstream":0,"thread_ts_usec":1528997114153492,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -134,19 +134,19 @@
00923{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":95,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997046661252,"flow_src_last_pkt_time":1528997046661252,"flow_dst_last_pkt_time":1528997046661252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997114153492,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00923{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":95,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996990648296,"flow_src_last_pkt_time":1528996990648296,"flow_dst_last_pkt_time":1528996990648296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997114153492,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00783{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":95,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996990566774,"flow_src_last_pkt_time":1528996990566774,"flow_dst_last_pkt_time":1528996990566774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997114153492,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":95,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2100,"global_ts_usec":1528997133564942}
00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997133564942,"packet_id":95,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2100,"global_ts_usec":1528997133564942}
01286{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2100,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_usec":1528997114153492,"pkt":"AAAMB6xAABRP+4rqCDRFAALbIPRAAP8RAAAKDEAexnIZNXIQBxQCxwAAAToCv+vfrufmnhCXLUg\/JVwSV1oaCkAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqUNATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTA+OlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zEXNzaW9uLWlkPTEwZiUAMGFjMDAwMDAwYmJmMGE0MjI1YiwgNWIyMmE0ZjAvZjA6N7s6NjA6ZDE6N2Q6MzcvMjE4BAasNAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgEAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzNTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjM14xLjNncHBuZXR3b3JrLm9yZxoUIABXyAcOVlpXQzJUZXMtTGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoBABBXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBNYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQEAOCESD0ludmFsaWQgVmFsdWUaHQAAOMQTFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcuVjdBoMAAAFgwcGwFBKmVASGDIZZLp6RfMCK\/1DfUENrQ=="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997134036207,"flow_src_last_pkt_time":1528997134036207,"flow_dst_last_pkt_time":1528997134036207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997134036207,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.120.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1528997134036207,"flow_dst_last_pkt_time":1528997134036207,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528997134036207,"pkt":"ABxP+4rqcNuYVcUnCABFAADh\/WZAAPsRV2PG4hk1Cgx4HgcUchAAzWYuCzpCxXGn0Uh9HQ+OyLOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997212627458,"flow_src_last_pkt_time":1528997212627458,"flow_dst_last_pkt_time":1528997212627458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997212627458,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1528997212627458,"flow_dst_last_pkt_time":1528997212627458,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_usec":1528997212627458,"pkt":"AAAMB6xAABRP+4p2CABFAALbIPZAAP8RAAAKDEAezuIZNXIQBxQCxwAAATwCvzm9iAIIk1e98ZWWJBeuNcEaCgAAV8gOBCUAGgwAAFfIDQZ3aWZpJQAAAFfICQlXSVNQUjEwGgkAADghDQMxNwZbIqVcATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQUNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmM0OWE1MjI1YiwgNWIyMmE1NDlOZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE5BgasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAQwIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCHAA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGglqAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00882{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997212627458,"flow_src_last_pkt_time":1528997212627458,"flow_dst_last_pkt_time":1528997212627458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997212627458,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":105,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_usec":1528997217637103}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997217637103,"packet_id":105,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_usec":1528997217637103}
01257{"packet_event_id":1,"packet_event_name":"packet","packet_id":105,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":3072,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_usec":1528997217103238,"pkt":"AAAMB6xAABRP+4rqDABFAALHIPlAAP8RAAAKDEAexuIZNXIQBxQCswAAAT8Cqw8xhdF672TCSWbkw5Hj930aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMxNwZbIqVhATUwMzFJNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3Bwbld0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LeoyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmZxMGFjMDAwMDAwYmM0OWE1MjI1YiwgNWIyMmE1NDkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE5BAasFAEQIA5WWldDMlRlc3RMYWIaWAAAN2MBBgAAAAIGBgAAAAIMBgAABUM9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAnIkFwEAAAsFAADyEldFerwQeByQ1kXOElNqAwIAILdGopoaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyGQERVQaEAAAV8gKClN0YW5kYXJkGhBmAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoacAAAV8gRC0x5dGRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMlAFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOTQaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEkID4rD4BVEKK4FucluzaU0="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997221594421,"flow_src_last_pkt_time":1528997221594421,"flow_dst_last_pkt_time":1528997221594421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997221594421,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1528997221594421,"flow_dst_last_pkt_time":1528997221594421,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528997221594421,"pkt":"ABRP+4olANuYVcUnCABFAADh\/iUAAPwRVXHGnRk1CgxAHgcUchAAzbneC0AAxXHEG2jtNCK6Pim9jxODZEQBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWYyMmE1NDkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE5T0oBAgBIFwEAAAEFAAC130tW1AOjyO4EWETLCns4AgUAADpBoI2KsgAA1NEalEdfz2mLAQACCwUAAKYxpY6FFiCOWOh\/rUxMKdLfEvgA+nuQ51DKsqmwU74i6PE="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997221594421,"flow_src_last_pkt_time":1528997221594421,"flow_dst_last_pkt_time":1528997221594421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997221594421,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":109,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_usec":1528997221878096}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997221878096,"packet_id":109,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_usec":1528997221878096}
01257{"packet_event_id":1,"packet_event_name":"packet","packet_id":109,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_usec":1528997221594421,"pkt":"AAAMB6xAABRP+4rqCABFAALHIPtuAP8RAAAKDEAexuIZNXIQB1QCswAAAUECqxyBDV4hA0zB94U9KheYsYAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8Az1fICQlXSVNQUqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00819{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997023501287,"flow_src_last_pkt_time":1528997023501287,"flow_dst_last_pkt_time":1528997023501287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997222052019,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","encrypted":0,"breed":"Unrated"}}
00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997023501287,"flow_src_last_pkt_time":1528997023501287,"flow_dst_last_pkt_time":1528997023501287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997222052019,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -166,7 +166,7 @@
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997261783701,"flow_src_last_pkt_time":1528997261783701,"flow_dst_last_pkt_time":1528997261783701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997261783701,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1528997261783701,"flow_dst_last_pkt_time":1528997261783701,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528997261783701,"pkt":"dxRP+4rqcNuYVcUnCABFAADh\/sxAAPwRVP3G4lI1CgxAHgcUchAAzQ3qC0YAxVP5rh2w5Lj8PI2upF4y\/0IBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXT3b3JrLm9yZywgNWIyMmE1ODkvZjA6N+g6NjA6ZDE6N2Q6MzcvMjIwT0oBAgBIFwEAAAEFAADvkK66gUfrDsISd3KA2Dq0AgUAAEGPAVxuDAAAtFagJxCAdoSLAQACCwUAAF3vTu1rfeBtyKrBBShZZHpQEiKq\/RQqlqya5NkwR6FJjV0="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997261783701,"flow_src_last_pkt_time":1528997261783701,"flow_dst_last_pkt_time":1528997261783701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997261783701,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":121,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_usec":1528997262078629}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997262078629,"packet_id":121,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_usec":1528997262078629}
01261{"packet_event_id":1,"packet_event_name":"packet","packet_id":121,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_usec":1528997261783701,"pkt":"AAAMB6xAABRP+4rqCABFAALHIP0lAP8RAAAKDEAexuIZNXIQBxQCswAAAUcCq0DUTgiBVRdCBPZhxwMy\/T4aCiUAV3EOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM2NwZbIqWOATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yaS5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjODAwMDAwYmQ4OWE1MjI1YiwgNWIyMmE1ODkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjIwBAasFAFKIA5WWldDMlQxc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkVAEAAAsFAADE2f3MRJYt4jvAki9JKC\/7AwIAIHMK7AgaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAB2V8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAZ8gRC0x5bmRodXJzdBoMABBXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVkGh0AADghExc0MC44MG84ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEV\/QAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEsOMLEiMSdbl\/UWsrT5hVfA="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997262272854,"flow_src_last_pkt_time":1528997262272854,"flow_dst_last_pkt_time":1528997262272854,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":276,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":276,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997262272854,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1895,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00883{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1528997262272854,"flow_dst_last_pkt_time":1528997262272854,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_usec":1528997262272854,"pkt":"ABRP+4rqcNuYVcUlCABFAAEw\/tJAAPwRVKjG4hk1CgxAHgdnchABHO9uAkcBFNPCS391ou+9cV+4e8winsYaCwAAV8gbBVNQQxpuAAABNxA00HHPRTyBsiZ\/6IZyvYM7SEcCX4QDUPpLB\/Nfl+7+pUh0wsa+NLqA2uxWkFDu5HiEeuARNLVaDzSIzbsbfVqWHWeSG0JbhaHnOPPCnMTZqtKCAvxt6AWKG1d8LjPCNKE\/ymsqNvHxATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNTg5L2YwOjc5OjYwOmQxOjdkOjM3LzIyMFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJTw+nZtWuGBh7\/qdpxMTkR"}
@@ -185,17 +185,17 @@
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997294408774,"flow_src_last_pkt_time":1528997294408774,"flow_dst_last_pkt_time":1528997294408774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997294408774,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1528997294408774,"flow_dst_last_pkt_time":1528997294408774,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528997294408774,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/xpAAPsRVa\/G4hk1ChxAHgcUchAAzU8kC0oAxWEDMLFDKTYIfgbKyEyHMfIBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE1YWUvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjIxT0oBAjRIFwEAAAEFAACfFoRHbsDvI\/+46yBaysIsAgUAAJcLQv7ORgAASiNmmimRHNuLAQACCwUAAKEH8wkM8t7F6HlgkovXWwdQEo++iUihP9VHkRTh6mD7kgU="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997294408774,"flow_src_last_pkt_time":1528997294408774,"flow_dst_last_pkt_time":1528997294408774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997294408774,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00203{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":129,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528997294665856}
00303{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997294665856,"packet_id":129,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528997294665856}
01258{"packet_event_id":1,"packet_event_name":"packet","packet_id":129,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_usec":1528997294408774,"pkt":"AAAMB6xAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":130,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2296,"global_ts_usec":1528997294874819}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997294874819,"packet_id":130,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2296,"global_ts_usec":1528997294874819}
00719{"packet_event_id":1,"packet_event_name":"packet","packet_id":130,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2296,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528997294408774,"pkt":"ABRP+4rqcNuYVcUnCPhFAAEw\/yNAAPwRVFfG4hk1CgxAHgcUchABHADcAksBFFLEf\/kOKgAErzLPbpm7axIaCwAAV8gbBVNQQxpuAAABNxA040janeSai176IwGdu20qfHT6JdVX190nBVzQ8vbUeCsV1xduBdcl\/a+H+pp\/9\/XZ2p4RNITv9nAcFfSIQXySxypwJddtE1ldHXfDo7SxndAJGg66ub4EawJGyutGrkBcdNZ\/YktYATUwMzExNDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00203{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":131,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528997299762525}
00303{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997299762525,"packet_id":131,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528997299762525}
01286{"packet_event_id":1,"packet_event_name":"packet","packet_id":131,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_usec":1528997294408774,"pkt":"AKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00932{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":34,"flow_first_seen":1528996068129675,"flow_src_last_pkt_time":1528997300248092,"flow_dst_last_pkt_time":1528997300431177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":655,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":24628,"flow_dst_tot_l4_payload_len":6967,"midstream":0,"thread_ts_usec":1528997300431177,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00929{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1528997050187902,"flow_src_last_pkt_time":1528997259951210,"flow_dst_last_pkt_time":1528997259779653,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":618,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":4028,"flow_dst_tot_l4_payload_len":536,"midstream":0,"thread_ts_usec":1528997300431177,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00778{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997134036207,"flow_src_last_pkt_time":1528997134036207,"flow_dst_last_pkt_time":1528997134036207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997300431177,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.120.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00924{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997221594421,"flow_src_last_pkt_time":1528997221594421,"flow_dst_last_pkt_time":1528997221594421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997300431177,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_usec":1528997307038054}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997307038054,"packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_usec":1528997307038054}
01285{"packet_event_id":1,"packet_event_name":"packet","packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_usec":1528997300431177,"pkt":"AAAMB6xAABRP+4rqCABFAALbIQRLAP8RAAAKDEAexpYZNXIQBxQCxwAAAU4Cv5wdq9spC4sVMXMqpc65j64aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqW6ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BCblJ0d29yay5vcmdZAxB+CDFjaXNjL4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYyAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAPYmZiM2E1SjI1YiwgNWIyMmE1YjMvZjA6Nyk6NjA6ZDE6N2Q6MzcvMjJqBAasFAESIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997311323632,"flow_src_last_pkt_time":1528997311323632,"flow_dst_last_pkt_time":1528997311323632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997311323632,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1528997311323632,"flow_dst_last_pkt_time":1528997311323632,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_usec":1528997311323632,"pkt":"AAAMB6xAABRP+4rqCABFAALbIQZAAP8RAAAKDEAexuAZNXIQBxQCxwAAAVACv44mJt0CcxbAbqYZaENsgGMaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfIdQlXSVNQUmMwGgkAADghDQMxNwZbIqW\/ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLk1jYzMxMS4zZ3BwbmV0d29ydi5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmZiM2E1MjI1YiwgNXIyMmE1YjMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjIyBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwNbGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQIAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGxFBKmVASgNwWy5gYQ7uGHIUIDaTD8g=="}
@@ -206,12 +206,12 @@
00924{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997257373354,"flow_src_last_pkt_time":1528997257373354,"flow_dst_last_pkt_time":1528997257373354,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997311984100,"l3_proto":"ip4","src_ip":"198.230.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00924{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997265856181,"flow_src_last_pkt_time":1528997265856181,"flow_dst_last_pkt_time":1528997265856181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997311984100,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":30224,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00923{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997266054389,"flow_src_last_pkt_time":1528997266054389,"flow_dst_last_pkt_time":1528997266054389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997311984100,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.56.64.30","src_port":1812,"dst_port":9472,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00203{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":145,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528997395223381}
00303{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997395223381,"packet_id":145,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528997395223381}
01258{"packet_event_id":1,"packet_event_name":"packet","packet_id":145,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_usec":1528997394907427,"pkt":"AAAMqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997399308771,"flow_src_last_pkt_time":1528997399308771,"flow_dst_last_pkt_time":1528997399308771,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997399308771,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1528997399308771,"flow_dst_last_pkt_time":1528997399308771,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528997399308771,"pkt":"ABRPJQDqcNuYVcUnCABFAADhALRAAPwRUxbG4hk1CgwlAAcUchAAzVpOC1QAxRxqj+ts\/zbuXZza\/XyA7U4BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b1ZrLm9yZywgNWIyMiUAMTIvZjA6Nxk6NjA6ZDE6N2S6MzcvMjI0T0oBAgBIFwEAAAEFAAClYf4DzpLiqdyPyTgI99pYAgUAAG+BQKA0HAAAC9tSu9kUjAmLAQACCwUAANTPOn7BAwke3m06BT0FpdxQErKfyMWPNDJCfwFi2pzKF6M="}
00882{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997399308771,"flow_src_last_pkt_time":1528997399308771,"flow_dst_last_pkt_time":1528997399308771,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997399308771,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00200{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":150,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528997399801176}
00300{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997399801176,"packet_id":150,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528997399801176}
00717{"packet_event_id":1,"packet_event_name":"packet","packet_id":150,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528997399604843,"pkt":"ABRP+4pTcNuYVcUnCAAbAAEwAL1AAPwRUr7G4hk1CgxAHgcUchABHDwbAlUBFM63G2\/ABME95vC\/YtPM3\/caCwAAV8gbBVNQQxpuAAABNxA0xuSFjY5XIJgFQGu0Uv0OYONLFS6YzD8pAXH0KZXHpfwyK4L\/92l5H6gqAq8nL0kepb8RNLxJYMKQCK0eGlYCRiBKtSavfrre3EDS6oPiPCuIZCCfvU44Ccl11WwK9jFxTgAolMtFATUwMzFPNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1DYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNjEyL2YwOjc5OjYwOmQxOjdkOjM3LzIyNFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBL2pfBK3Ll7exMTohpXZCAH"}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997403593616,"flow_src_last_pkt_time":1528997403593616,"flow_dst_last_pkt_time":1528997403593616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997403593616,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1528997403593616,"flow_dst_last_pkt_time":1528997403593616,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_usec":1528997403593616,"pkt":"AAAMB6xAABRP+4rqCABFAALbIQxAAP8RAAAKDEBuxuIZNXIQBxQCxwAAAVYCv+kKLAd5QTZEtH35XGAZbVIaCgAAV8gOBMFTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqYbATUwMzExNDgwMDczNmM4MDcyQHdkYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQgLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzExMmE2MjI1YiwgNWIyMmE2MTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI0BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAEBRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ZTAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
@@ -232,9 +232,9 @@
00924{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997265856181,"flow_src_last_pkt_time":1528997265856181,"flow_dst_last_pkt_time":1528997265856181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997404349931,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":30224,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00924{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997311323632,"flow_src_last_pkt_time":1528997311323632,"flow_dst_last_pkt_time":1528997311323632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997404349931,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00923{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997266054389,"flow_src_last_pkt_time":1528997266054389,"flow_dst_last_pkt_time":1528997266054389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997404349931,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.56.64.30","src_port":1812,"dst_port":9472,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00203{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528997476267452}
00303{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997476267452,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528997476267452}
01286{"packet_event_id":1,"packet_event_name":"packet","packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_usec":1528997404349931,"pkt":"AAAMB6xAABRPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00203{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":156,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528997476466897}
00303{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997476466897,"packet_id":156,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528997476466897}
00610{"packet_event_id":1,"packet_event_name":"packet","packet_id":156,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_usec":1528997404349931,"pkt":"ABRP+4rqcNuqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997476761239,"flow_src_last_pkt_time":1528997476761239,"flow_dst_last_pkt_time":1528997476761239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997476761239,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1528997476761239,"flow_dst_last_pkt_time":1528997476761239,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_usec":1528997476761239,"pkt":"AAAMB6xAABRP+4rqCABFAALHIQ9AAP8RAAAKDEAexuIlAHIQBxQCswAAAVkCqxzt3wAE2R1LMmmDUD0Gdm8aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwJQAAADghDQM3N0xbIqZkATUwMzExNDgwMjUwODY0NjI4QHdsYW4uVm6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
@@ -258,7 +258,7 @@
00739{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997632285653,"flow_src_last_pkt_time":1528997632285653,"flow_dst_last_pkt_time":1528997632285653,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":691,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997632285653,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"flow_datalink":1,"flow_max_packets":3}
01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1528997632285653,"flow_dst_last_pkt_time":1528997632285653,"flow_idle_time":620000000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_usec":1528997632285653,"pkt":"AAAMu6xAABRP+4rqCABFAALHIRFAAP9wAAAKDEAexuIZNXIQBxQCswAAAVsCq00mnArJWXX+N3JhhZON0ToaCgBDV8gOBFVTGgwAAFfIDQZ3aWZpGg8ACFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqcAATUwMzExNDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxNS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TMDAtNTYtY2QtNmQtNDItNSkeJTZjLaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00845{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997632285653,"flow_src_last_pkt_time":1528997632285653,"flow_dst_last_pkt_time":1528997632285653,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":691,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997632285653,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00203{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":162,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":17664,"global_ts_usec":1528997632478128}
00303{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997632478128,"packet_id":162,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":17664,"global_ts_usec":1528997632478128}
00718{"packet_event_id":1,"packet_event_name":"packet","packet_id":162,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":17664,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528997632285653,"pkt":"ABRP+4rqcNuYVcUnRQBFAAEwA2FAAPwRUBrG4hk1CgxAHgcUchABHGYCAlsBFPJGkwRL+pjdA5197qGahcwaCwAAV8gbBVNQQxpuAAABNxA06\/sNxTnxG6ukTqwhWbbA2iqJ9xUQWB4T5BwZI+vaxI+7bs\/vfw\/eMzQ3J3YR5Fh5RZWRNDm4c5zmNtk9aBmMKxf9+K7wySD8NYXouGgH0g5FMhfbrMBBWqKOxwRMjh\/pBwtArUnjATUwMzExNDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNmZmLzAwOjU2OmNkOjZkOjQyOjU5LzIyNyUAMjAxMjU0NDIzNRIJU3Vj42VzcxkFU1BDTwYDAgAEUBLN9Y5G45qq3LYn60raic1U"}
00923{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997403593616,"flow_src_last_pkt_time":1528997403593616,"flow_dst_last_pkt_time":1528997403593616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997632285653,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00921{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997399308771,"flow_src_last_pkt_time":1528997399308771,"flow_dst_last_pkt_time":1528997399308771,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997632285653,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -275,7 +275,7 @@
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997655006021,"flow_src_last_pkt_time":1528997655006021,"flow_dst_last_pkt_time":1528997655006021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997655006021,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1528997655006021,"flow_dst_last_pkt_time":1528997655006021,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528997655006021,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA5NAAPwRJQAlABk+CgxAHgcUchAAzVdGC1wAxX62GNWdpucNZiYPcJ1Tw+4BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyamE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4T0oBAgBIFwEAAAEF+QC\/pRrW1P2OBIB77PLtyYRYAgUAAKO0Q86taQAA4Eb2Dn1+Ei2LAQACCwUAANEKc5kzaUyUHJ2asC+h4v1QEoNkNdC6vGAIe51fKjW9k5g="}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997655006021,"flow_src_last_pkt_time":1528997655006021,"flow_dst_last_pkt_time":1528997655006021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997655006021,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":165,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_usec":1528997655347789}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997655347789,"packet_id":165,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_usec":1528997655347789}
01259{"packet_event_id":1,"packet_event_name":"packet","packet_id":165,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_usec":1528997655006021,"pkt":"AAAMB6xAABRP+4rqCABFAALHnfCWAP8RAAAKDEAexuIZPnIQBxQCswAAAV0Cq2pJZM0ruVNMnb6INz7DlDAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFd2CQlXSVNQUjEwGgkQADghDQM1NwZbIqcXATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceUTAwLWE3KjQyLWQwLWUwQDAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzUxNmE3MjI1YiwgNWIyMmE3MTYvZjA6Nzk6MjA6ZDE6N2Q6MzcvMjI4JAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAADLaWk9Y3GhxCUALFVq30f3AwIAIPJ2\/3EaFAAAV8gHDlZaV0MyVGVzdEzhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x4bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQXOelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZBbHVlGh0AADghExc0MC44MDQ4ODJOLTc2LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW26aXJlY3QaDAAABYMHBsB8SplQEpV0+y2O0IA5getcDb\/AJ1c="}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997655528306,"flow_src_last_pkt_time":1528997655528306,"flow_dst_last_pkt_time":1528997655528306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":276,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":276,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997655528306,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1528997655528306,"flow_dst_last_pkt_time":1528997655528306,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_usec":1528997655528306,"pkt":"ABRP+4rqcNuYZMUnCABFAAEwA5xAAPwRT9bG4hk+CgwlAAcUchB0HNn2Al0BFJBXpcO19tza8j\/VlLjh3P0aCwAAV8gbBVNQQxpuAAABNxA0jONf4TbIHPUvuy933g6GTJqzqlfKJTFZvtaM0NBQo2jkN\/g2tPEp73PKTNfSnSD8j7kRNPVhPusRHPLIHahhhZlLWh2egFea0oaNGerpaQMfhEQ5jMYg8ICzMJVYCSspbKc8\/fk7ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIjViMjJhNzE2L2YwOjc5OjYwOmQxOjclADM3LzIyOFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBIwdD70xCUAoHuVXO\/FXR+q"}
@@ -291,9 +291,9 @@
00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997663992299,"flow_src_last_pkt_time":1528997663992299,"flow_dst_last_pkt_time":1528997663992299,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":205,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997663992299,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3}
00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1528997663992299,"flow_dst_last_pkt_time":1528997663992299,"flow_idle_time":620000000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528997663992299,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA8JAAPuqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00921{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997476761239,"flow_src_last_pkt_time":1528997476761239,"flow_dst_last_pkt_time":1528997476761239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997664564143,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_usec":1528997664794099}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997664794099,"packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_usec":1528997664794099}
00714{"packet_event_id":1,"packet_event_name":"packet","packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528997664564143,"pkt":"ABRP+4rqcNuYVcUnCABFAAEwJQBAOfwRT6vG4hk1CgxAHgcUchABHPYEAmEBFD8mC375vqLp+KF9uwm3k4gaCwAAV8gbBVNQQxpuAAABNxA07wUYi7+P\/KZsVS9NJaMwCtVJk9jEkC3Vl7jOtDBnuTtoap5IYaKcg6eQ4RJKJBTY9DYRNNB+ybyX+uSA4d1O4JYyTwpoEtUi2e6DQEAJ+nzQSzAvvoa2HSAJtTQFSW0rq69l6fpVATUwMzExNDgwMDcTwDM4MDcyQHdsYW4ubW5jNDjSLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNzE2L2YwOjc5OjYwOmQxOjdkOjM3LzIyOFkMOTA4JQAhMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJTXIMaNTnLNgc2lqiL9H7Q"}
00200{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":175,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528997683254797}
00300{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997683254797,"packet_id":175,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528997683254797}
01285{"packet_event_id":1,"packet_event_name":"packet","packet_id":175,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_usec":1528997664564143,"pkt":"AAAMB6xAABRP+4rqCABRAALbIRRAAP8RAAAKDEAexuIZNXIQBxQCxwAAAWICv9GcOA+HA3ZCcU+zBYarldEaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXMlNQUjEwGgkAADghDQM4NwZbIqczATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUyLTAwOlZlchR6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJAzdhdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzUxNmE3MjI1YiwgNWIyMlE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNMcHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3Rhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997683490128,"flow_src_last_pkt_time":1528997683490128,"flow_dst_last_pkt_time":1528997683490128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997683490128,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1528997683490128,"flow_dst_last_pkt_time":1528997683490128,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528997683490128,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA\/1AAPsRUM3G4hk1CgysngcUchAAzV+4C2IAxbjeL+gJ\/Z8y3pAVBW+ilI8BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrTG9yZywgNWIyMmE3MTYvZjA6Nzk6NjA6UjE6NyUAMzcvMjI4T0oBAgBIFwEAAAEFAACeTPrzq4G+qMdV63zS5jgKAgUAANMitQR5aAAATi\/4eqBv42KLAQBzCwUAAI3Vpdgp79asxAN0pnzOl99QEuFioroE6q1umxIDXtaj55s="}
@@ -302,7 +302,7 @@
01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1528997683835823,"flow_dst_last_pkt_time":1528997683835823,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_usec":1528997683835823,"pkt":"AAAMB6xAABRP+4vqCABFAALHIRVAAP8RAAAKDEAexncZNXIQBxQCswAAAWMCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997687969587,"flow_src_last_pkt_time":1528997687969587,"flow_dst_last_pkt_time":1528997687969587,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997687969587,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1965,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1528997687969587,"flow_dst_last_pkt_time":1528997687969587,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528997687969587,"pkt":"ABRP+4rqcNuYVcUnCABFAADhBApAAPwRT8DG4hk1CgxAHgetchAAzW6NC2QAxZQNQW9gM5ZAoOSO4YFP3T0BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4T0oBAgBIFwEAAAEFAABnRC75Yur1ZFj3fN3BeW98AgUAAFegbuvq5gAA\/FNfCuUdMLiLAQACCwUAAJwUGRbAWowbz35Ho4OQS4FQEj0VhwwOXHKZf7fI3xH\/2bM="}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":185,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_usec":1528997692784807}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997692784807,"packet_id":185,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_usec":1528997692784807}
01257{"packet_event_id":1,"packet_event_name":"packet","packet_id":185,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2304,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_usec":1528997692462514,"pkt":"ACUAB2ugABRP+4rqCQBFAALHIRlAAP8RAAAKDEAexuIZNXIQBxQCswAAAWcCq6p8EPt1JA7lQ+Db9yRaDGkaCgAAV8gOBFVTGnAAAFfIDQZ3aWZpGg8AAFfICSlXSVNQUjEwGgkAADghDQM5NwZbIqc8ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLUkwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAIJASthdWRpdC1zZXNzaW9uLWlkJQAwZmYxMGFjMDIwMDAwYzUxNmE3MjI1YiwgNWIyMmE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4BAasFAEQII5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGIQAAAAIMBgAABRQ9Bk0AABNABgAAAA1BBgAAAAZRBDU2TyYCAnEkFwEAAAsFAAB5qZtl7jXBbH7Ivr+LWOj2AwIAIKwexEUaFAAAVsgHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJgwBXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXwB0RVlpXIEMyIFRlc3QgTGFiGgslAFclAAVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWj1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSolQEnRJIAwgdOVHaEimFKQwq+M="}
00933{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":47,"flow_dst_packets_processed":47,"flow_first_seen":1528996068129675,"flow_src_last_pkt_time":1528997692257778,"flow_dst_last_pkt_time":1528997692968992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":655,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":32241,"flow_dst_tot_l4_payload_len":10160,"midstream":0,"thread_ts_usec":1528997692968992,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00737{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997764910655,"flow_src_last_pkt_time":1528997764910655,"flow_dst_last_pkt_time":1528997764910655,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997764910655,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":0,"flow_datalink":1,"flow_max_packets":3}
@@ -334,15 +334,15 @@
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997777144007,"flow_src_last_pkt_time":1528997777144007,"flow_dst_last_pkt_time":1528997777144007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997777144007,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01423{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1528997777144007,"flow_dst_last_pkt_time":1528997777144007,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_usec":1528997777144007,"pkt":"AAAMB6xAABRP+4rqCABFAALHISdAAP8RAAAKVCUAxuIZNXIQBxQCswAAAXUCq0+RGyL6qp4kGgBnV02AqO8aCgAAV8gOBFVzGgwAAFfIDQZ3aWZpGg9zAFfICQlXSVNQUjEwGgkAADghDQM3NwZbItKBATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJWwwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmZBMGFjMDAwMDAwYzg4a2E3MjI1YiwgNWIyMmE3OGMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjMxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyZ1AgAkFwEAAAsFAAB4gbzVxbw2lh1ax6mZCkrRAwIAIEu4WjAaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABNyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFBlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghTwYAAOsAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEiPn8\/WrP4cXVwKHtEGPFQc="}
00882{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997777144007,"flow_src_last_pkt_time":1528997777144007,"flow_dst_last_pkt_time":1528997777144007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997777144007,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":214,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_usec":1528997777328264}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997777328264,"packet_id":214,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_usec":1528997777328264}
00717{"packet_event_id":1,"packet_event_name":"packet","packet_id":214,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528997777144007,"pkt":"ABRP+4rqcNuYVcUnCABFAAEwBTlWAPwRTkLG4hk1CgxAHgcUchABHFtlAnUBFPy\/77suJLORzOzxdqID6lIaCwAAV8gbBVNQQxpuAAABNxA0sgGX0jUZ0GkvrTEvR6JJSI5kjTryeLE5ZDtRZpqfIB5gVwEzf0GZAiOA3v7qRShWEqoRNMrrQ0Ld9EZkDOPTXqYYz\/U0I\/SC+HAlACKylcNORMjkiI8OEYrbS\/uvrFsRUJm7gb3AATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0dyUAay5vcmcsIDViMjJhNzhjL2aqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00200{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":218,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528997778442013}
00300{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997778442013,"packet_id":218,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528997778442013}
00565{"packet_event_id":1,"packet_event_name":"packet","packet_id":218,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_usec":1528997778376402,"pkt":"ABRP+4rqcNuYVcUnCABVAADABUNAAPwRTqjG4hk1CgxAHgcUchAArF9UA3cApCAevq4tL8m2+S5T0IZH68wBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3ODYvZTA6NWY6NDU6OTA6MDk6NWYvMjMwEiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8HBAEABwBQEqtx8kLAbqN4aRfnk10cKJs="}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":219,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_usec":1528997780932557}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997780932557,"packet_id":219,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_usec":1528997780932557}
01285{"packet_event_id":1,"packet_event_name":"packet","packet_id":219,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_usec":1528997778376402,"pkt":"hQAMB6xAchRP+4rqCABFAALbISpAbP8RAAAKDEAewuIZOHIQBxQCxwAAAXgCv4kwEW0JCeMao3TRk2O0OJUaCgAAV2QOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqeUATUwMzExNDgwMDczNjM4MDclAHdsYW4ubW5jNE8wLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZEwtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjAAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzg4Y2E3MjI1YiwgNWIyMmE3OGMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjMxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgABAAIMBgAABRQ9BgAAACUABgAAAA1BBgAAAAZRBDU2TzoCAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00200{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":221,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528997781425645}
00300{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997781425645,"packet_id":221,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528997781425645}
01257{"packet_event_id":1,"packet_event_name":"packet","packet_id":221,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_usec":1528997781139202,"pkt":"AAAMB6xAABRPU4rqCAAXAALHIStAAP8RAAAKDEAexuIZNXIQBxQCswAAAXkCq1Vl1UpA6lxXEhEbxa4HRw8aCgAAV8gOBFVTmgwAAFfIDQZ3oGZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqeVATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZjEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzAgYAAAAIGjEAAAAJASthdWRpdC1zZXMlAG9uLWlkPTFlZmYxMGFjMDAwMDAwYzg4Y2E3MjI1YiwgNWIyMmE3OGMlADA6Nzk6NjA6ZDE6N2Q6MzcvMjMxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAABKHBPmGtNtIJzGpfhqB3eGdAIAIFrsFJ8aFAAAV8gHDlZaV0MyVGVzdExhYlUKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaJQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADgh8hc0sS44MDQ4ODJOLTc0LjEwMjgzqlcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAI4NQAAOCEWJFN0YWRpdW1EaXJlY3QaDAAABYMHBtxQSplQEsG70Fu7iBnc6ge0pZ5Q5mQ="}
00200{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":223,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528997826378144}
00300{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997826378144,"packet_id":223,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528997826378144}
01285{"packet_event_id":1,"packet_event_name":"packet","packet_id":223,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_usec":1528997781611762,"pkt":"AAAMB6xAABRP+4rqCADLAALbISxAAP8RAAAKDEAexuIZNXIQBxQCxwAAAXoCv21LVaoOFlJlDTVaO4Jse+QaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMyNwZbIqfCCTUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jrzgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLXkwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWl2PTEwZmYxMGFjMDAwMDAwYzljMmE3MjI1YiwgNWIyMmE3YzIvZTA6NWY6NDU6OTA6MDk6NWYvMjMyBAasFAEQIA5WWldDMvxlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAA8yESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDhvMk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IR0GAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASlj6j0uJ92nAXwxDVWGMfUg=="}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997829855077,"flow_src_last_pkt_time":1528997829855077,"flow_dst_last_pkt_time":1528997829855077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997829855077,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1528997829855077,"flow_dst_last_pkt_time":1528997829855077,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_usec":1528997829855077,"pkt":"AAAMB6xAABRd+4rqCABFAALbIS5AAP8RAAAKDEAlAOIZNXIQBxQCxwAAAXwCv4IsSQM3nR8wY02\/WtSNjVsaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAF\/ICQlXSVNQUjEwOgkAADghDQMyNwZbIqfFATVRMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vc2dZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzZG9uLWlkPTEwZmYxMGFjMDAwMDAwYzljMmE3MjI1YiwgNWIyMmE3YzIvZTA6NWY6NDU6OTA6MDk6NWYvMjMyBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgC7AAZRBDU2TzoCAQA4ATAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLkVyZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFahoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgYzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWUgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMeQA4IRQGAAABAhoMAAA4IRUzAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASDRiCmnK8XecKtcjM1khyyg=="}
@@ -374,9 +374,9 @@
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997839322635,"flow_src_last_pkt_time":1528997839322635,"flow_dst_last_pkt_time":1528997839322635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997839322635,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1528997839322635,"flow_dst_last_pkt_time":1528997839322635,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1528997839322635,"pkt":"ABRP+4rqcNuYVcUnCABFAAClBj5AAPwRTcjG4hk1CgxAHgcVchAAkSN5C4AAiYCfkZP9IDJyM93m2y+NtRUBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0MDAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3Y2YvYjA6OWY6YmE6NGE6MGU6N2UvMjMzTw4BAAAMFwwAAAwBf\/xQEl7YRWPdxCp7KxkigG7kdUs="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997839322635,"flow_src_last_pkt_time":1528997839322635,"flow_dst_last_pkt_time":1528997839322635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997839322635,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00203{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":237,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528997839449302}
00303{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997839449302,"packet_id":237,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528997839449302}
01222{"packet_event_id":1,"packet_event_name":"packet","packet_id":237,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_usec":1528997839322635,"pkt":"AAAMB6xAVRRP+4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00200{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":238,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528997839511870}
00300{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997839511870,"packet_id":238,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528997839511870}
00565{"packet_event_id":1,"packet_event_name":"packet","packet_id":238,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_usec":1528997839322635,"pkt":"ABRP+4rqcNuYVcUnCABlAADABkJAAPwRTaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00921{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997655528306,"flow_src_last_pkt_time":1528997655528306,"flow_dst_last_pkt_time":1528997655528306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":276,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":276,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997839322635,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00919{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997655006021,"flow_src_last_pkt_time":1528997655006021,"flow_dst_last_pkt_time":1528997655006021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997839322635,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -392,9 +392,9 @@
00783{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997260021140,"flow_src_last_pkt_time":1528997260021140,"flow_dst_last_pkt_time":1528997260021140,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997867808101,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"ndpi": {"proto":"Unknown","proto_id":"0","encrypted":0,"breed":"Unrated"}}
00739{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997260021140,"flow_src_last_pkt_time":1528997260021140,"flow_dst_last_pkt_time":1528997260021140,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997867808101,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"flow_datalink":1,"flow_max_packets":3}
00582{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":243,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":85740,"total-not-detected-flows":10,"total-guessed-flows":2,"total-detected-flows":38,"total-detection-updates":0,"total-updates":98,"current-active-flows":15,"total-active-flows":54,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":394,"global_ts_usec":1528997988607022}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":244,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2560,"global_ts_usec":1528997988838453}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997988838453,"packet_id":244,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2560,"global_ts_usec":1528997988838453}
00611{"packet_event_id":1,"packet_event_name":"packet","packet_id":244,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2560,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_usec":1528997988607022,"pkt":"ABRP+4rqcNuYVcUnCgBFAADhCANAAPwRS8fG4hk1CgxAHgcUchAAzcqaC4QAxQGJ6Lj45v3l8O9jNbsTb\/MBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0T0oBAhBIFwEAAAEFAAD7NrjaxmMHv4vIE1TL2G1wAgUAANQK+SugcQAAjldODJoz\/yqLAQACCwUAAPFizAqNmvaDbjPlWgGZGZpQEuJJeKWQmKkvyDnGACXbYRU="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":245,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":0,"global_ts_usec":1528997989240618}
00299{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997989240618,"packet_id":245,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":0,"global_ts_usec":1528997989240618}
01255{"packet_event_id":1,"packet_event_name":"packet","packet_id":245,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":0,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_usec":1528997988607022,"pkt":"AAAMB6xAABRP+4olAABFAALHITdAAP8RAAAKDEAexuIZNXIQBxQCswAAAYUCq1+INwexFZhfJQDfuQscp+waCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqhlATUwMzExNDgwMDczNjM4MDcyQHdsYW4QbW5jNDg2Lm1jYzMxMS5EZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAAGjEAAAAJASthdWRpdC1zZXNzae9uLWlkPTEwZmYxMGFjMDAwMDAwY2I2NGE4MjI1YiwgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABZU9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAAAqyk7MPy+\/53EGG8G21R64AwIAIEnDCioaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyEgERVSpEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0Q0xhYhoJAADXyA8DMRoKAABXsBAETkpHEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaNQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbCUAIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQElQJdBGjY0wxqxPERz7qHjo="}
00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1528997989461215,"flow_dst_last_pkt_time":1528997663992299,"flow_idle_time":620000000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_usec":1528997989461215,"pkt":"ABRP+4rqcNuYVcUnCABFqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
01378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1528997839322635,"flow_dst_last_pkt_time":1528997997929387,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":691,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":691,"pkt_l4_len":657,"thread_ts_usec":1528997997929387,"pkt":"AAAMB6xAABRP+4rqCABFAAKlIThAAP8RAAAKDEAexuIZNXIQBxUCkQAABIYCiWTbrkYoE6dP3NRell25+W4aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzkBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWYRQAQP6AAAAAAAAAAAAAAAAAAAAgDlZaV0MyVGVzdExhYhoMAAA3YwEGAAAAAiwgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0PQYAAAATGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2I2NGE4MjI1Yi0GAAAAAUAGAAAADEEGAAAABlEENTY3BlsiqG0aFAAAV8gHDlZaV0MyVEMkdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExdHMC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUaAAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QoBgAVAAEfE2YwLTc5LTYwLWQxLTdkLTM3HiUlAC1hNy00Jaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
@@ -445,7 +445,7 @@
01451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1528998257171672,"flow_dst_last_pkt_time":1528998257171672,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_usec":1528998257171672,"pkt":"AAAMB6xAABRP+4rqCABFAALbtPNAAP8RAAAKDEAexuIZPnIQBxQCxwAAAZQCv\/QjF2fWlNBdxlblaWkTeyMaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM1NwZbIqlxATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2Y1YWE5MjI1YiwgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2bzoCAQA4ATAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAlAEZjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGmwAAFfIEAROShoRAABXyE0LTHluZGh1cnN0GgwAAFfIEgYAAAjJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNjEaDAAAOCERBgAAAEIaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCFMFzQwLjgwNDg4Mk4tN3kuxzAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVAS4SWykyhQ3NEVyrk907GZpA=="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998257171672,"flow_src_last_pkt_time":1528998257171672,"flow_dst_last_pkt_time":1528998257171672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998257171672,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1528998257171672,"flow_dst_last_pkt_time":1528998257238494,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1528998257238494,"pkt":"ABRP+4rqcNuYVcUnCABFAAClC51AAPwRSGDG4hk+CgxAHgcUchAAkfysC5QAiW3tOcJvsUMExQ3khIQf5JsBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MAI6NWYvMjM4Tw4BAAAMFwwAAAwBf\/xQEttbuyUYSqflHrLDivPrVrc="}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":276,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":663,"global_ts_usec":1528998257392177}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998257392177,"packet_id":276,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":663,"global_ts_usec":1528998257392177}
01222{"packet_event_id":1,"packet_event_name":"packet","packet_id":276,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_usec":1528998257238494,"pkt":"AAAMB6xAABRP+4rqCABFAAKrtPRAZP8RAAAKLEAexuIZPnIQBxQClwAAAZUCj2QnnzQfo5ejlXtjb\/umlWwaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM1NwZbIqlxATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNib4OUAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTEwOlZlcml6b25XaTZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_src_last_pkt_time":1528998257171672,"flow_dst_last_pkt_time":1528998257456042,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1528998257456042,"pkt":"ABRP+4rqcNuYVcUnCABFAADAC6FAAPwRSEHG4hk+CgxAHgcUchAArH\/HA5UApDEA20uf1YbOtjZ3cBjhL8UBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjczExLjNncHBuZXR3b3JrLm9yZywwNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4EiIzMjc2NCBTdWJzY3JpYmVyIG53dCBwcm92aXNpb25lZE8HBAEABwBQEiTxEJAlgr8Mmnu4S7XiSkM="}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998260755072,"flow_src_last_pkt_time":1528998260755072,"flow_dst_last_pkt_time":1528998260755072,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998260755072,"l3_proto":"ip4","src_ip":"10.6.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -454,18 +454,18 @@
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998260831633,"flow_src_last_pkt_time":1528998260831633,"flow_dst_last_pkt_time":1528998260831633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998260831633,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1528998260831633,"flow_dst_last_pkt_time":1528998260831633,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1528998260831633,"pkt":"ABRP+4rqcNuYVcUnCABFAAClC7JAAPwRSFTG4hk1ClJAHgcUchAAkW2jC5YAiay3x5utrN9ef0\/5StJEFS4BNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWUvZTA6NWY6NDU6OTA6MDk6NWYvMjM4Tw4BAAAMVwwAAAwBf\/xQEkJeR7D8c3a4+60+qxnUicM="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998260831633,"flow_src_last_pkt_time":1528998260831633,"flow_dst_last_pkt_time":1528998260831633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998260831633,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00203{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":280,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528998260959519}
00303{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998260959519,"packet_id":280,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528998260959519}
01222{"packet_event_id":1,"packet_event_name":"packet","packet_id":280,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_usec":1528998260831633,"pkt":"AAAMB6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":281,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2056,"global_ts_usec":1528998261024256}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998261024256,"packet_id":281,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2056,"global_ts_usec":1528998261024256}
00566{"packet_event_id":1,"packet_event_name":"packet","packet_id":281,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2056,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_usec":1528998260831633,"pkt":"ABRX+4rqcNuYVcUnCAhFAADAC7dAAPwRSDTG4hk1CgxAHgcUchAArEQCA5cApOyxS9lHKp\/iE8OGfXn5m7UBNTAzMTE0ODAwODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4EiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8HBAEABwBQEvCuKaRJ36jDL+AkcQNYHtM="}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":283,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_usec":1528998279670634}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998279670634,"packet_id":283,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_usec":1528998279670634}
00531{"packet_event_id":1,"packet_event_name":"packet","packet_id":283,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_usec":1528998279600770,"pkt":"gBRP+yUAcNuYVcUnCABFADClC+NAAPsRSSPG4hk1CgxAHgcUchAAkf3TC5gAiaqvlSxwmtnYRSbHVUGZo3ABNTAzMTE0ODA0MzI2MDg1ODabd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5ODcvNWM6MWQ6ZDk6NTM6MGM6OWIvMjM5Tw4BAAAMFwwAAAwBf\/xQEnv5mqy\/X1rSPl3U34VdPzc="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998279797842,"flow_src_last_pkt_time":1528998279797842,"flow_dst_last_pkt_time":1528998279797842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":655,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":655,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":655,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998279797842,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1528998279797842,"flow_dst_last_pkt_time":1528998279797842,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_usec":1528998279797842,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIUlAAP8RAAAKDEAexuJQNXIQBxQClwAAAZkCj3rtQEtjvnzCegZr\/ks\/YsIaCgAAJQAOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM3NwZbIq2HATUwMzExNDgwNDMyNjA4NTg2QHNsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TNWMtMWQtZDktNTMtMGMtOWIeJTAwLWE3LTQyLWQwLWUwLTAwOlaNcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwZDA4N2E5MjI1YiwgNWIyMmE5ODcvFWM6MWQ6ZDk6NTM6MGM6OWIvMjM5BASsFAEQIA5WWldDMlRlc3RMYWIaDPYAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TwoCAAAIFwwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyCoKU3RhbmRhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998279797842,"flow_src_last_pkt_time":1528998279797842,"flow_dst_last_pkt_time":1528998279797842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":655,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":655,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":655,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998279797842,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998285403937,"flow_src_last_pkt_time":1528998285403937,"flow_dst_last_pkt_time":1528998285403937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998285403937,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"14.12.64.30","src_port":3860,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1528998285403937,"flow_dst_last_pkt_time":1528998285403937,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1528998285403937,"pkt":"ABRP+4rqcNuYVcUnCABFAAClDBBAAPwRR\/bG4hk1DgxAHg8UchAAkVlTC5wAid6Vm2Prh8ff1igjujrPQY0BNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWPjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmELODcvNWM6MWQ6ZDk6NTM6MGM6OWIvMjM5Tw4BAAAMFwwAAAwBf\/xQEvWoCrn3KdnMpOYKRlABwJ8="}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":293,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_usec":1528998285592193}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998285592193,"packet_id":293,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_usec":1528998285592193}
00565{"packet_event_id":1,"packet_event_name":"packet","packet_id":293,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_usec":1528998285529302,"pkt":"ABRP+4rqcNuYVcUnCABFAADADBdAEPwRR9TG4hlFCgxAHgcUchAArDMCA50ApI8fGqCVnysbmexp5ciWlfwBJTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5ODcvNWM6MWQ6ZDk6NTM6MGM6OWIvMjM5EiIzMjc2NCBTqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00933{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":294,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":81,"flow_dst_packets_processed":78,"flow_first_seen":1528996068129675,"flow_src_last_pkt_time":1528998285529302,"flow_dst_last_pkt_time":1528998282717553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":143,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":54782,"flow_dst_tot_l4_payload_len":15355,"midstream":0,"thread_ts_usec":1528998285529302,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00924{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":294,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998226495276,"flow_src_last_pkt_time":1528998226495276,"flow_dst_last_pkt_time":1528998226495276,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998285529302,"l3_proto":"ip4","src_ip":"10.12.82.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -477,36 +477,36 @@
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998308061932,"flow_src_last_pkt_time":1528998308061932,"flow_dst_last_pkt_time":1528998308061932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998308061932,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1528998308061932,"flow_dst_last_pkt_time":1528998308061932,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_usec":1528998308061932,"pkt":"AAAMB3BAABRP+4rqCABFAALHIU9AAP8RAAAKDEAexuIZNXIwBxRDswAAAZ8Cq9PofZmSNOhQyNOgaRsyJ1QaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNYUjEwGgkAADghDQMwNxZbIqmjATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yaS5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b243aUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkczEwZmYxMGFjMDAwMDAwY2U1MmE5MjI1YiwgNWIyMmE5NTIvZjA6Nzk6JQA6ZDE6N2Q6MzcvMjM3BAasFAEQIA5WWldDhFRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAADqGOBIENmf79hbM4GZs1ZYAwIAIJdiOR0aFAC4V8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhBhAFfICwpUZXN0IExhYhoJAABXyA8DMRoKpwBXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaHJlY3QaDAAABYNHBsBQSplQEuURqTNatQDGcJFc00xUIbY="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998308061932,"flow_src_last_pkt_time":1528998308061932,"flow_dst_last_pkt_time":1528998308061932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998308061932,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00203{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":297,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":16640,"global_ts_usec":1528998308249791}
00303{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998308249791,"packet_id":297,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":16640,"global_ts_usec":1528998308249791}
00716{"packet_event_id":1,"packet_event_name":"packet","packet_id":297,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":16640,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528998308061932,"pkt":"ABRP+4rqcNu2VcUnQQBFAAEwDINAAPsRR\/jG4hk1CgwlAAcUchABHKZIAp8BFMKP3L7bmNggOPWkTIavpgoaCwAAV8gbBVNQQxpuAAABNxA0723Z5fHoC0l+gadvadgzfaSzCz27rPwxopk71TEDK1VIm8mW\/vsFxUsHy2TxysAjZO8RNM3E07NOswLZR1Yjduj2RuApthb0mlkqWQZZpjfg4Vd1eYt2TqpojJTwm8thaNHCskFYATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLiUAYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhOTUyL2YwOjc5OlAwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFeVBDTwYDAgAEUBIoTJCJ2HxVvdUlAOn56UH9"}
00200{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":298,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528998308483432}
00300{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998308483432,"packet_id":298,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528998308483432}
01287{"packet_event_id":1,"packet_event_name":"packet","packet_id":298,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_usec":1528998308061932,"pkt":"AAAMB6xAABRP+4rqCAAkAALbIVBAAP8RAAAKDEAexuIZNXIQBxQCxwAAAaACv\/i0glgkXqR4abyMOyu1FuUaCgAAV8gOBFVTGgwAAFfIDSUAaWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqmkATUwMzExNDgwNDMyNjA4NTg2QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TNWMtMWQtZDktNTMtMGMtOWIeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpLi1zZXNzaW9uLWl0PTEwZmYxMGFjMDAwMDAwZDFhNGE5MjI1YiwgNWIyMmE5YTQvNWM6MWQ6ZDE6NTM6MGM6OWIvMjQwBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABFABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODA0MzJoMDg1ODbWd2xhbi5tbkM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhdWQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZCUAbURpcmVjdBoMAAAFgwdbwFBKmVAS3DaqxzVlY8YVdJMYTWA\/Jw=="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998314309308,"flow_src_last_pkt_time":1528998314309308,"flow_dst_last_pkt_time":1528998314309308,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998314309308,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1528998314309308,"flow_dst_last_pkt_time":1528998314309308,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1528998314309308,"pkt":"ABRP+4pIcNuYVcUnCABFAAClDKJAAPwRR2TG4hk1ClFAHgcUchAAkVZiC6QAiXXtUkUY2UEpsUhCUrecX98BNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5YTQvNWM6MWQ6ZDk6NTM6MGM6OWIvMjQwTw4BAAAMFwwAAAwBf\/xQEi8FyNCyWjoJnDm8uRInVVc="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998314309308,"flow_src_last_pkt_time":1528998314309308,"flow_dst_last_pkt_time":1528998314309308,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998314309308,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998314512887,"flow_src_last_pkt_time":1528998314512887,"flow_dst_last_pkt_time":1528998314512887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998314512887,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":43028,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1528998314512887,"flow_dst_last_pkt_time":1528998314512887,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1528998314512887,"pkt":"ABRP+4rqcNuYVcUnCABFAADADKZAAPwRR0XG4hk1CgxAHqgUchAArLr7A6UApAJ1Pjz8JGCwuo5GIgtQcZwBNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm5yZywgNWIyMmE5YTQvNWM6MWQ6ZDk6QjM6MGM6OWIvMjQwEiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92a3Npa25lZE8HBAEABwBQEil3cnDy8\/cVSnBQY7FdIyI="}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":312,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_usec":1528998315379425}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998315379425,"packet_id":312,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_usec":1528998315379425}
01257{"packet_event_id":1,"packet_event_name":"packet","packet_id":312,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_usec":1528998315061032,"pkt":"AAAMB6xAABRPC4rqCABFAHfHIVdAAP8RAAAKDEAexuIZNXIQBxQCswAAAXcCq7birWrbSCR0XX2ECsyLDxcaCgAAVcgOBFVTGgwAAFfIDQZ3aWZp7g8AEFfICQlXSVNQUjEwGgkAADghDQMxNwZbIqmrATUwMzExNDgwMDczNlA4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtN6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00203{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":313,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":17152,"global_ts_usec":1528998315564266}
00303{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998315564266,"packet_id":313,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":17152,"global_ts_usec":1528998315564266}
00717{"packet_event_id":1,"packet_event_name":"packet","packet_id":313,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":17152,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528998315061032,"pkt":"ABRU+4rqcNuYVcUnQwBFAAEwDOpAAPwRRszG4hk1CgxAHgcUchABHIc+AicBFAVYRP7z9BnlCK2x3nMNu9caCwAAV8gbBVNQQ\/1uAAABNxA0lSfZbnfLLhoh4+5ALjW4bpaGB\/F5lLUmaXWeOTpERaZCygHBXW8G5d8wRSUAsOoyXuERNO7GEB2l9DfyYkq5gsPl9gYDdVKWsTzavhi3cpWL4d4hWImwBdGLigMB9OjFS4NJg5i2ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29iay5vcmcsIDViMjJhOTUyL2YwOjc5OjYwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBKDY\/Qv9KooB2GY4bCH4+IC"}
00928{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":314,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1528998257171672,"flow_src_last_pkt_time":1528998257171672,"flow_dst_last_pkt_time":1528998257456042,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":164,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":301,"midstream":0,"thread_ts_usec":1528998315061032,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00923{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":314,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998260755072,"flow_src_last_pkt_time":1528998260755072,"flow_dst_last_pkt_time":1528998260755072,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998315061032,"l3_proto":"ip4","src_ip":"10.6.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00924{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":314,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998260831633,"flow_src_last_pkt_time":1528998260831633,"flow_dst_last_pkt_time":1528998260831633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998315061032,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":315,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_usec":1528998323044401}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998323044401,"packet_id":315,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_usec":1528998323044401}
00609{"packet_event_id":1,"packet_event_name":"packet","packet_id":315,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_usec":1528998322857233,"pkt":"ABRP+0zqcNuYVcUnCABFAAAlAL1AEPwRRw3G4hk1CgxAHgcUchAAzTbHC6gAxWfYqv2MMmfQQQEjLJV5MYwBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjA3T0oBAgBIFwEAAAEFAAASnKqRiXtNkJ7pl81Lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00200{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":317,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528998323568325}
00300{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998323568325,"packet_id":317,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528998323568325}
00714{"packet_event_id":1,"packet_event_name":"packet","packet_id":317,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528998323340801,"pkt":"ABRP+4rqcNsYVcUnCACOAAEwDMFAAPwRRrrG4hk1CgxAHgcUchABHN46AqkBFC7XsmGo9thH1H39z75ZofsaCwAAV8gbBVNQQxpuAAABNxA01fgke7cAxvNUQc8fbhbu8Vj1f4ydqDyFV6zE3SwbdURor5DaN1W5275SM8SlmfBSLKIRNMdp\/4Zs6S04Xowx3iRvmA3n8taa5E4m8wpB3etCd2VzmAkdeZLlem0oTIzBlWNTWH1RATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jSzgwLm1jYzMxMS4zZ3BwbmV0d2Vyay5vc04sIDViMjJhOTUyL2YwOjc5OjYwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBLs7b4ERJr4qPbI12xbGqC0"}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":318,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_usec":1528998338204494}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998338204494,"packet_id":318,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_usec":1528998338204494}
01285{"packet_event_id":1,"packet_event_name":"packet","packet_id":318,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_usec":1528998323340801,"pkt":"AAAMB6xAABRP+4rqCABFAALbIVpEAP8RAAAKDEAexuIZNXIQBxQCxwAAAaoCv2Uj1+ujspK2VyIvdisE+iUaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998338382096,"flow_src_last_pkt_time":1528998338382096,"flow_dst_last_pkt_time":1528998338382096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998338382096,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1528998338382096,"flow_dst_last_pkt_time":1528998338382096,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528998338382096,"pkt":"ABQlAIrqcNuYVcUnCABFAADhDOxAAPwRRt7G4hk1CgxASQcUchAAzQ2+C6oAxV4x6AhgYl+1t\/7aBLDTkJgBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Y6MzcvMjM3T0oBAgBIFwEAAAEFAAD9ndZ8FHhsyj5jhEswY1t0AgUAABpKKGv5SQAALFBpvDseP8KLAQACCwUAAC1HLAQoI0jpYeW4fPFsl+tQEgCJjyegSbpAOXlBuPG4l8E="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998338382096,"flow_src_last_pkt_time":1528998338382096,"flow_dst_last_pkt_time":1528998338382096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998338382096,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":321,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_usec":1528998338865071}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998338865071,"packet_id":321,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_usec":1528998338865071}
00716{"packet_event_id":1,"packet_event_name":"packet","packet_id":321,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528998338669944,"pkt":"ABRP+4rq8NuYVcUnCABFAAEwDPCkAPwRRos14hk1CgxAHgcUchABHImMAqsBFPNe2aGl6LP5y1u\/scR1o3AaCwAAV8gbBVNQOBpuAAABNxA0yJ0HwRo2kUg5GkMLWv3LIW9bZ\/+pjZx0CoGr7LPlqjfgOPOLXgeADm9RiTIaXTD+uAsRNK2vP2ZsGXahxC9sjBUhoGJOMJlzjqJyAyTjvpVvse28Qg5S9JgwmD8p+ZaQYnYBaM5xATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0JQByay5vcmcsIDViMjJhOTUyL2YwOjc5OjYwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBIrffGqrk1JHmvfqoB\/bRcD"}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":322,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_usec":1528998342492938}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998342492938,"packet_id":322,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_usec":1528998342492938}
01285{"packet_event_id":1,"packet_event_name":"packet","packet_id":322,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_usec":1528998338669944,"pkt":"AAAMB6xAABRP+4rqCABFAMrbIVxAAP8RAAAKDEAexuIZNXIQBxQCxwAAAawCvx+brty2uhj+WwEK9jJ7XPQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICSUASVNQUjEwGgkAADghDQM0NwZbIqnGATUwMzExNDgwMDczNjM4WTcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vciUAAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlQml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2U1MmE5MjI1YiwgNWIycmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAgAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm8lABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgXGVZdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":324,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_usec":1528998342974275}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998342974275,"packet_id":324,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_usec":1528998342974275}
01257{"packet_event_id":1,"packet_event_name":"packet","packet_id":324,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_usec":1528998342683946,"pkt":"AAAMB6xAABRP+4rqCABFACUAIV1AAP8RAAAKDEAexuIZNXIQBxQCswAAAa0Cqyd5am7x7at665a6XdQ818IaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADhEDQM0NwZbIqnGATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZiAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkSzEwZmYxMGFjMDAwMDAwY2U1MmE5MjI1YiwgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3BAasFGYQIA5WSldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAIAsFAACkCLiSdrciiCUA2Lhjf5WeAwIAIFh8yjsaFAAAV8gHDlZaV0My1GVzdExhYhoKAABXyAgERSUAEEYAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998346991239,"flow_src_last_pkt_time":1528998346991239,"flow_dst_last_pkt_time":1528998346991239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998346991239,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29208,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1528998346991239,"flow_dst_last_pkt_time":1528998346991239,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528998346991239,"pkt":"ABRP+4rqcNuTVcUnCABFAADhDRdAAPwRRrPG4hk1CgxAHgcUchgAzQnPC64AxTy6++0fAX35UVXUpCEgeNcBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjAlADk6QTA6ZCUAN2Q6MzcvMjM3T0oBAgBIFwEAAAEFAAB+LhDHIi3oCVbmy0rSchdaAgUAAJdIOUyErgAA73piWKcgvT+LAQACCwUAAEZfsVUxfYxGJMfW\/6iCQHdQEgwvQS2NfxbBCfFadP4Rx2E="}
@@ -514,7 +514,7 @@
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998347284506,"flow_src_last_pkt_time":1528998347284506,"flow_dst_last_pkt_time":1528998347284506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998347284506,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1528998347284506,"flow_dst_last_pkt_time":1528998347284506,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_usec":1528998347284506,"pkt":"AAAMB6xAABRP+4rqCABFAALHIV9AAP8RAAAKDEAexuIZNXJpBxQCswAAAa8Cq915o4ky+NTjcjv0F1wXmegaCgAAV8gOBFVTGgwAADHIDQZ3aWZpGg8AAFfICRlXSVNQUjEwGgkAADghDQM0NwZbIqnLATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDEjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQw72UwLTAwOlYlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjaTAwMDAwY2U1MmE5MjI1YiwgNWIyMmE5NSUAZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3UwasFAEQIA5WWldDMlRlc3SHYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAAA+8R0Z7LSWHOP9VffmhYCuAwIAIG5bieAaFAAAV8gHDlZaV0MyVGVzdExhahoKAABXyAgERVQaEAAA+8gKClN0YW5kYXJkGhAAAFfICwhUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkpiEQAAV8gRC055bmRodXJzdBoMACU4yKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998347284506,"flow_src_last_pkt_time":1528998347284506,"flow_dst_last_pkt_time":1528998347284506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998347284506,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00203{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":329,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528998347461328}
00303{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998347461328,"packet_id":329,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1528998347461328}
00714{"packet_event_id":1,"packet_event_name":"packet","packet_id":329,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528998347284506,"pkt":"ABRP+4rqcNuYVcUnqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00933{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":92,"flow_dst_packets_processed":85,"flow_first_seen":1528996068129675,"flow_src_last_pkt_time":1528998346794463,"flow_dst_last_pkt_time":1528998343169290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":143,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":62331,"flow_dst_tot_l4_payload_len":16627,"midstream":0,"thread_ts_usec":1528998347284506,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00924{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998226495276,"flow_src_last_pkt_time":1528998226495276,"flow_dst_last_pkt_time":1528998226495276,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998347284506,"l3_proto":"ip4","src_ip":"10.12.82.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -534,7 +534,7 @@
00921{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998307737757,"flow_src_last_pkt_time":1528998307737757,"flow_dst_last_pkt_time":1528998307737757,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998376770988,"l3_proto":"ip4","src_ip":"198.7.9.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00924{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998314309308,"flow_src_last_pkt_time":1528998314309308,"flow_dst_last_pkt_time":1528998314309308,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998376770988,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00924{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998260831633,"flow_src_last_pkt_time":1528998260831633,"flow_dst_last_pkt_time":1528998260831633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998376770988,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00200{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":339,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528998557316433}
00300{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998557316433,"packet_id":339,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528998557316433}
00529{"packet_event_id":1,"packet_event_name":"packet","packet_id":339,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_usec":1528998557233595,"pkt":"ABRP+4rqcNuYVcUnCAAlAAClD1JAAPwRRKvG4hk+CgxAHgcUchAAkYCWC7QAiR2+QwBH7d0zmbIWMmGskGYBNTAzMTE0ODAwNzEzqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00922{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998338382096,"flow_src_last_pkt_time":1528998338382096,"flow_dst_last_pkt_time":1528998338382096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998557443000,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00922{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998279797842,"flow_src_last_pkt_time":1528998279797842,"flow_dst_last_pkt_time":1528998279797842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":655,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":655,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":655,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998557443000,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -563,7 +563,7 @@
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998576181572,"flow_src_last_pkt_time":1528998576181572,"flow_dst_last_pkt_time":1528998576181572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998576181572,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1814,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1528998576181572,"flow_dst_last_pkt_time":1528998576181572,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1528998576181572,"pkt":"ABRP+4rqcNuYVcUnCABFAAClD7RAAPsRRVLG4hk1CgxAHgcWchAAkUUeC7YAjbHF+KxzM1jmiRGRdJnwnSQBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmFhOTAvYjA6OWY6YmE6NGE6MGU6N2UvMjQzTw4BAAAMFwwAAAwBf\/xQEmpMlHIe9v0pkoCIcMRZLH4="}
01387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1528998576307744,"flow_dst_last_pkt_time":1528998576080956,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_usec":1528998576307744,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIWVAAP8RAAAKDEAexuIZNXIQBxQClwAAAbcCj0ICRJPAa6Qqmxpo\/C0gFa8aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM3NwZbIqqwAWEwMzExNDgwMDdhMzk0MzA0QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TYjAtOWYtYmEtNGEtMGUtN2UeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwZDQ5MGFhMjI1YiwgNWIyMmFhOTAvYjA6OWQ6YmE6NGE6MGU6N2Uvqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":344,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_usec":1528998576381929}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998576381929,"packet_id":344,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_usec":1528998576381929}
00567{"packet_event_id":1,"packet_event_name":"packet","packet_id":344,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_usec":1528998576307744,"pkt":"ABRP+4rqcNuYVcUnCABFAADAD7hAAfwRRDPG4hk1CgxAHgcUchAArCnlA7cApDiN+d11wTNhp6tcCWDiFuUBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmFhOTAvYjA6OWY6YmE6NGE6MGU6N2UvMjQzEiIzMjc2NCBTdWJzYydpYmVyIG5vdCBwcm92aXNpb25lZEcHBAEABwBQEmSUFMWhON8\/wqCGcP\/+Ta0="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998584808225,"flow_src_last_pkt_time":1528998584808225,"flow_dst_last_pkt_time":1528998584808225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998584808225,"l3_proto":"ip4","src_ip":"57.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":28948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1528998584808225,"flow_dst_last_pkt_time":1528998584808225,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_usec":1528998584808225,"pkt":"AAAMB6xAABRP+4rqCABFAALbIWZAAP8RAO05DEAexuIZNXIQcRQCxwAAAbgCv9zxrJZG2dsJ+s9nZZp6aFsaCgAAV8gOBFVTGgwAAFfIDQYlAGZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqq4ATUwMzExNDgwMjUwODY0NjI4AXdsYW4ubW5jNDgwDm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TMDAtNTYtY2QtNmQtNDItNTkeJTZjLWIyLWFlLThlLTMxLTgwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPbEwZmYxMGFjMDAwMDAwY2M3OGE4MjI1YiwgNWIyMmE4NzgvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjM1BAasFAEQIKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
@@ -571,7 +571,7 @@
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1528998585019610,"flow_dst_last_pkt_time":1528998585019610,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528998585019610,"pkt":"ABRP+4rqcNuYVcUnCABFAADhD9lAAPwRdvHG4hk1CgxAHgcUWBAAzQh\/C7gAxWTiZLZdO+cme7xhCKfM6MYBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NzgvMDA6NTY6Y2Q6d2Q6NDI6NTkvMjM1T0oBAgBIFwEAAAEFAADyCxcI7XkaT0UFvUk8tJ2YAgUAAMJakSoc8QAAT38LtnrvLnGLAQACCwUAADQNzAWg+MfiRgxSS6PGeYdQEs5faleq8GPWzRgEVPv2RUo="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998585019610,"flow_src_last_pkt_time":1528998585019610,"flow_dst_last_pkt_time":1528998585019610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998585019610,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01423{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1528998585268788,"flow_dst_last_pkt_time":1528998576080956,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_usec":1528998585268788,"pkt":"AAAMB6xAABRP+4rqCABFAALHIWdAAP8RAAAKDEAexuIZNXIQBxQCswAAAbkCqwwIsTK62hmv9RZW9\/f12AIaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqq5ATUwMzExNDgwMjUwODY0NjKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00221{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_usec":1528998585453134}
00321{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998585453134,"packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_usec":1528998585453134}
00714{"packet_event_id":1,"packet_event_name":"packet","packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528998585268788,"pkt":"ABRP+4rqcNuYVcUnCABFADUwD91AAPwRQ57G4hk1CgxAHgcUchABHJkzArkBFPuMuhZj3jbkVosdPxLeAO4aCwAAV8gbBVNQQxpuAAABNxA0w9JZoXWsZGeHUoYiJ9p40yJPEfSCC1VPuzQcz\/tcT9Zniiv93vAfl8Sqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00583{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":349,"packets-processed":285,"total-skipped-flows":0,"total-l4-payload-len":123530,"total-not-detected-flows":15,"total-guessed-flows":3,"total-detected-flows":55,"total-detection-updates":0,"total-updates":132,"current-active-flows":6,"total-active-flows":76,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":576,"global_ts_usec":1528998601376404}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998605741189,"flow_src_last_pkt_time":1528998605741189,"flow_dst_last_pkt_time":1528998605741189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":629,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":629,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998605741189,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -585,9 +585,9 @@
00929{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":355,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1528998257171672,"flow_src_last_pkt_time":1528998557443000,"flow_dst_last_pkt_time":1528998257456042,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":655,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":164,"flow_src_tot_l4_payload_len":2061,"flow_dst_tot_l4_payload_len":301,"midstream":0,"thread_ts_usec":1528998605816574,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00738{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998636010967,"flow_src_last_pkt_time":1528998636010967,"flow_dst_last_pkt_time":1528998636010967,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998636010967,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"flow_datalink":1,"flow_max_packets":3}
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1528998636010967,"flow_dst_last_pkt_time":1528998636010967,"flow_idle_time":620000000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1528998636010967,"pkt":"ABRP+4rqcNuYVcUnCABFAAClEJJAAPslAHTG4hk1CgxAHgcUchAAkT3yC70AiXLX5bK1bcbjOxq4bylP028BNTAzMTE0ODAyMxg1Njg2MzFAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZyxiNWIyMmFhZWIvOTA6YjA6ZWQ6NGU6Nzc6YTMvMjQ1Tw4BAAAMFwwAAAxRf\/xQEvTT2\/+5xTPwYXYdoAWLt9A="}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":357,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2064,"global_ts_usec":1528998636143546}
00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998636143546,"packet_id":357,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2064,"global_ts_usec":1528998636143546}
01221{"packet_event_id":1,"packet_event_name":"packet","packet_id":357,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":2064,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_usec":1528998636010967,"pkt":"AAAMB6xAABRP+4rqCBBFAAKrIWxAAP8RAAAKDEAexuIZNXIQBxQClwAAAb4Cj8yIFnOZ6cZavy+ov11X2XMaCgAAV8gOBKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00203{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":361,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":22528,"global_ts_usec":1528998639586727}
00303{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998639586727,"packet_id":361,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":22528,"global_ts_usec":1528998639586727}
01222{"packet_event_id":1,"packet_event_name":"packet","packet_id":361,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":22528,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_usec":1528998639447671,"pkt":"AAAMB6xAABRP+4rqWABFAAKrIW5AAP8RAAAKCEAexuIZNXIQBxQClwAAAcACj3BXfw4b3GMlZswG9bQoL7gaCgAAV8gOBFVTGgwAAFfIDQZXaWZpJQAAAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqrvATUwMzExNDgwMjMyNTY4NjMxQHdsYW4ubW5jNDkwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TOTAtYjAtZWQtNGUtNzctYTMeJTAwLWE3LTQyLWQwLWUwLXAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJESthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwZDZlYmFhMjI1YiwgNWIybWFhZWIvOTA6YjA6ZWQ6NGU6Nzc6YTMvMjQ1BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2T2cCAAAIbQwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhdWAFfIHRFWWlcgQzIgVGVzdDdMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERcAAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASZHVbxXaB7Y4HBclkU5O1hA=="}
00928{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":1528998576080956,"flow_src_last_pkt_time":1528998643272189,"flow_dst_last_pkt_time":1528998643334661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":655,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":6191,"flow_dst_tot_l4_payload_len":1239,"midstream":0,"thread_ts_usec":1528998643334661,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00927{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1528998257171672,"flow_src_last_pkt_time":1528998557443000,"flow_dst_last_pkt_time":1528998257456042,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":655,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":164,"flow_src_tot_l4_payload_len":2061,"flow_dst_tot_l4_payload_len":301,"midstream":0,"thread_ts_usec":1528998643334661,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -613,6 +613,6 @@
~~ total memory freed........: 6181702 bytes
~~ total allocations/frees...: 122644/122644
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 204 chars
~~ json string min len.......: 304 chars
~~ json string max len.......: 2255 chars
~~ json string avg len.......: 1229 chars
~~ json string avg len.......: 1279 chars


@@ -1,8 +1,8 @@
00506{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00569{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1953631155595384}
00258{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","size":48,"expected":4093509168,"global_ts_usec":1953631155595384}
00358{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1953631155595384,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","size":48,"expected":4093509168,"global_ts_usec":1953631155595384}
00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":48,"pkt_l4_len":0,"thread_ts_usec":1953631155595384,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"}
00223{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","l4_data_len":14,"global_ts_usec":1953631155595384}
00323{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1953631155595384,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","l4_data_len":14,"global_ts_usec":1953631155595384}
00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":48,"pkt_l4_len":0,"thread_ts_usec":1953631155595384,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"}
00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1953631155595384}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -17,6 +17,6 @@
~~ total memory freed........: 6034017 bytes
~~ total allocations/frees...: 121477/121477
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 228 chars
~~ json string min len.......: 328 chars
~~ json string max len.......: 576 chars
~~ json string avg len.......: 403 chars
~~ json string avg len.......: 451 chars


@@ -1,6 +1,6 @@
00495{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":980658803882137}
00206{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","datalink":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","layer_type":3080300,"global_ts_usec":980658803882137}
00305{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","datalink":0,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":980658803882137,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","layer_type":3080300,"global_ts_usec":980658803882137}
00546{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":197,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":197,"pkt_l4_len":0,"thread_ts_usec":980658803882137,"pkt":"AC8AbGXLAAAAlQZ\/NAA6MDA1L3VwbG8yZD9sPTAuAAAAAAAAAAA9AAAAgAGtAAAAPAEAADUAMMkAAFsEMjk5oIBtrTHFxwpdEDIAAQBGAAAAaXAAc+dXAAAAAAAIAAoAAAD\/MvsABgAAAAAAAAAAAAAAAAAAAAAkABAAAAAAAAA8AQAAAAAACJcFAAAA\/zL7AAYAAP9NPLKhAgAAAI8NOwAAAH8AAhwAAQAAAAAAECA\/BeIoAAAAACA9eC75+f\/\/xQAAAAA="}
00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":980658803882137}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -15,6 +15,6 @@
~~ total memory freed........: 6034017 bytes
~~ total allocations/frees...: 121477/121477
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 211 chars
~~ json string min len.......: 310 chars
~~ json string max len.......: 564 chars
~~ json string avg len.......: 387 chars
~~ json string avg len.......: 430 chars


@@ -1,5 +1,5 @@
00488{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"gnutella.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00175{"error_event_id":4,"error_event_name":"Packet too short","datalink":1,"packet_id":1,"source":"gnutella.pcap","alias":"nDPId-test","size":4,"expected":14,"global_ts_usec":22}
00261{"error_event_id":4,"error_event_name":"Packet too short","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":22,"packet_id":1,"source":"gnutella.pcap","alias":"nDPId-test","size":4,"expected":14,"global_ts_usec":22}
00260{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"gnutella.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":4,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":4,"pkt_l4_len":0,"thread_ts_usec":22,"pkt":"AAAAAA=="}
00683{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":9752391,"flow_src_last_pkt_time":9752391,"flow_dst_last_pkt_time":9752391,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":9752391,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffa4:e108","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":9752391,"flow_dst_last_pkt_time":9752391,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":78,"pkt_l4_len":24,"thread_ts_usec":9752391,"pkt":"MzP\/pOEICAAn5uVZht1gAAAAABg6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/pOEIhwAMIAAAAAD+gAAAAAAAAMUNUZ+WpOEI"}
@@ -6536,6 +6536,6 @@
~~ total memory freed........: 7778018 bytes
~~ total allocations/frees...: 138009/138009
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 180 chars
~~ json string min len.......: 265 chars
~~ json string max len.......: 2514 chars
~~ json string avg len.......: 1347 chars
~~ json string avg len.......: 1389 chars


@@ -1,6 +1,6 @@
00491{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"gtp_prime.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"gtp_prime.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1424882324190538}
00191{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"gtp_prime.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1424882324190538}
00291{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1424882324190538,"packet_id":1,"source":"gtp_prime.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1424882324190538}
00682{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"gtp_prime.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":300,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":300,"pkt_l4_len":0,"thread_ts_usec":1424882324190538,"pkt":"tjL\/AAFBtij\/AAFBgQAAZIEAAGcIAEXAARYAAAAAPxEI+QoKNgEKCicK\/EQNOgEC27Eu8AD0AAR+AfwA7wEBHAYA6b9gggDkgAFggwgTACEAAAAA8KQGgAQKCjUBhQQHkAAAhwVlaHJwZIgC8SGpCKAGgAQBAAAGiwEBrIIAKjAogwIDSIQCA0iFAQKGCRUCJRY4RCsAAKkQgQEIhgEJhwNMS0CIA0xLQI0JFQIlFjgBKwAAjgErjwEAsCKkIAYOKwYBBAGyfwMBAkYEAQCBAQCiCzAJAgEBAgEBgQEOkgpBTFUtTk9ERTAxlAEBlQEAlwIBAJgBA54BA58iAQG\/JAaABAoKBgOfJQMTIBCfJgkVAiUWOAArAACfJwkVAiUWOEQrAACfKAQHkAAA"}
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"gtp_prime.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":1424882324190538}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -15,6 +15,6 @@
~~ total memory freed........: 6034017 bytes
~~ total allocations/frees...: 121477/121477
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 196 chars
~~ json string min len.......: 296 chars
~~ json string max len.......: 687 chars
~~ json string avg len.......: 426 chars
~~ json string avg len.......: 470 chars

File diff suppressed because it is too large Load Diff


@@ -1,9 +1,9 @@
00491{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1536839120404326}
00191{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1536839120404326}
00291{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1536839120404326,"packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1536839120404326}
00483{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":150,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":150,"pkt_l4_len":0,"thread_ts_usec":1536839120404326,"pkt":"AAAAAAACNLNUB8pWgQAMoYEAYAUIAEVoAIBoSQAA\/xHueQruUBoK7v5LCGgIaABsAAAw\/wBcEoCPuGAIuFIANBFAJgf8IEBSA55JCupNF\/7gnP0Al2q8Zxk+AAAAAAAAAAe\/4GQ6ADQ3SIBuFZfDWsIvMrWrNfP4Fx5OYe4CUCXgPs5ziPlz8hT\/27dLl2xtqJbPLkrE"}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":1536840494424533}
00191{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1536840494424533}
00291{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1536840494424533,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1536840494424533}
00506{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":166,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":166,"pkt_l4_len":0,"thread_ts_usec":1536839120404326,"pkt":"AAAAAAABNLNUB8pVgQAMn4EAQAIIAEVYAJD2QgAA\/xGMPAruJFwK7v5NCGgIaAB8AAAw\/wBsB0wVsGANtkgARDJAKgEEyMAUFE4AAQAClFtnYSoBBMjwAA9JAAAAAAAAAAT\/O2YDAAAAQhlm1OFxgeTba50SyREjm3lFbPc9lgrLUcRYebJHYlYzSCeWv2L\/IjSAXfS1U+Rh4DDxR7yVXb8kOaI3Xg=="}
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1536840494424533}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -18,6 +18,6 @@
~~ total memory freed........: 6034017 bytes
~~ total allocations/frees...: 121477/121477
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 196 chars
~~ json string min len.......: 296 chars
~~ json string max len.......: 561 chars
~~ json string avg len.......: 377 chars
~~ json string avg len.......: 426 chars


@@ -1,26 +1,26 @@
00505{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1557818846743554}
00205{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846743554}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846743554,"packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846743554}
00390{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAADTDSUAAPwad0wrOgxIKzkH55SEBu84u1gAAAAAAgAJyEJdSAAACBAW0AQEEAgEDAwI="}
00205{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846744536}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846744536,"packet_id":2,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846744536}
00390{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAADQAAEAAPQZjHQrOQfkKzoMSAbvlIcEFrEzOLtYBgBI5CGLyAAACBAW0AQEEAgEDAwc="}
00205{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846771521}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846771521,"packet_id":3,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846771521}
00382{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAACjDSkAAPwad3grOgxIKzkH55SEBu84u1gHBBaxNUBAchMBIAAAAAAAAAAA="}
00205{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846773036}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846773036,"packet_id":4,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846773036}
01454{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":866,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":866,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAA0zDS0AAPwaauQrOgxIKzkH55SEBu84u1gHBBaxNUBgchP+6AAAWAwMDHwEAAxsDA7MBwRcglDZhL6NP+OfprwtR2a2+EN2bALWxOtNOmOORAAK8AA8AxQCVwJHADcCrwH8AEQDDACXAhwCPAKvABMCZwEoAO8wU5BQAwcCbACbAaQCzALHAJACUAEMARcBlAD3AosBXAI3AEwAZABcAaeQbAGTACswV5BkApQApwD7AW8B0zBPAXAASwBfAhQAnABMAnQCZAAsAiQABACLAlcCBwAvAOcBmwCPkEwCHAG3AGMBjABrkEAA1wDAAKMB+wCAAOMCfACwAMcAvALUALsBfwG\/ALsCYAAMAmwACAC\/AP8AcAJfAKgC3AD7AgwCgwAcAhsAtwFIAkgAGwCEANABqADnAZAAMAGAAgMAdwIrAdsARwKUAhABBAAgArsAywHzARcCcALvATgA2ALwAYgC4AKjAfQAUAJYAkcBgwKfAVcBw5BYAQgBhwAXAPcBZwAkAaAC5wB8AZ8CeAGbAcsA2AKYAhQCwwFEAgsCQwDzkHsCgwBQAjgCT5B\/AqgCpAIHAqMBHAAQAEMADwFjApMAxAEvAFeQVAIgAvgCawAIArMA1wGcAScA4AAkALQC9wGHkHcBPAGvAOwBHABsAp8BQwJLAG8BaAEDAegAgAIMAo8BewEbAFsASAJDAEACfAK3AYsBtwIDAe8CIACsAnAANwCUAMMCWwCzAhMBsAAXATcBqwKHAGQCY5BfAVAAWAB7AKMB5wIbAmgBjwFbAjwBMwEzAncAzACPAa8ABAKrAdwCkAKHAeADEwCLAjsA6AD8AbABKwAgAMsCpADrAQAAHAMLANMCmwHHAGsCLAEYAPAAzAL\/AK8AnAKLAS8BTACTADsBIAETAHsBEAB\/kGMCNALoAtgC05BrABsBCwEnAQwCK5BIASAAKAIsANwAVAMAAnsCCwIzAJsAPAGUAjMCJwKPAcwAqwG7AXcBoACHAlwCywDfkHMApwJMAr8B1wEEAAAAOwAzAlOQRABgA\/wEAADYACgAGAAQAFwAYAA0AIAAeAgEDAQQBBQEGAQICAwIEAgUCBgICAwMDBAMFAwYDAAsABAMAAQI="}
00205{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846773618}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846773618,"packet_id":5,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846773618}
00382{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAACjoA0AAPQZ7JQrOQfkKzoMSAbvlIcEFrE3OLtklUBAAf9kpAAAAAAAAAAA="}
00205{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846909855}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846909855,"packet_id":6,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846909855}
02335{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1522,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":1522,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUABdzoBEAAPQZ1cArOQfkKzoMSAbvlIcEFrE3OLtklUBAAf4KWAAAWAwMAMQIAAC0DA6eY8O1X3X3mQxpK5jBthKXbggXTdMEwSebU\/C3eGyaMAABFAAAF\/wEAAQAWAwMKsAsACqwACqkABa0wggWpMIIEkaADAgECAgRcADaSMA0GCSqGSIb3DQEBCwUAMIGwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxEjAQBgNVBAcMCVJvY2hlc3RlcjEaMBgGA1UECgwRWGVyb3ggQ29ycG9yYXRpb24xKzApBgNVBAsMIkdlbmVyaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxMTAvBgNVBAMMKFhlcm94IEdlbmVyaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTgxMTI5MTg1NzIyWhcNMjMxMTI5MTg1NzIyWjCBsjELMAkGA1UEBhMCVVMxFDASBgNVBAgMC0Nvbm5lY3RpY3V0MRAwDgYDVQQHDAdOb3J3YWxrMRowGAYDVQQKDBFYZXJveCBDb3Jwb3JhdGlvbjEmMCQGA1UECwwdR2xvYmFsIFByb2R1Y3QgRGVsaXZlcnkgR3JvdXAxGDAWBgNVBAMMD1hSWDlDOTM0RTk0OUZFRjEdMBsGCSqGSIb3DQEJARYOdXNlckB4ZXJveC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzOO4XBzGAsvXAUZCvKlNS0ZkTg4CPeXJP+nJVRYA6XFVgcCBzykrSHCu0Y5U7SEcAp8qNsaTFqksYnK\/LydYXDbB8hopOYrLt9CybGPHIgOHFLqHcR7AQGMPPsqNseCPbVxC9MxESLkuuP6C+psPTMgU3We8QQepVTiTwRPkjbRt2ckXJmlv9RVwBZJw5H9Kj67ioINRaF7pzZa8+WXvRU7yezlug0Rzfp5ecju0QBU4VVZe3xUzfdZWz\/fJSPmAHkTaC2YSiwkocYvBT4zICg1P1PoEDtqIqZeii6N1m0v6iOX9IqiHmzg62Idlf1UVl5TDJNOjjpoWiNOg8STnRAgMBAAGjggHFMIIBwTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwID6DARBglghkgBhvhCAQEEBAMCBeAwJwYJYIZIAYb4QgENBBoWGFhlcm94IERldmljZSBDZXJ0aWZpY2F0ZTBFBgNVHSUEPjA8BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHMIHgBgNVHREEgdgwgdWkgbUwgbIxCzAJBgNVBAYTAlVTMRQwEgYDVQQIDAtDb25uZWN0aWN1dDEQMA4GA1UEBwwHTm9yd2FsazEaMBgGA1UECgwRWGVyb3ggQ29ycG9yYXRpb24xJjAkBgNVBAsMHUdsb2JhbCBQcm9kdWN0IERlbGl2ZXJ5IEdyb3VwMRgwFgYDVQQDDA9YUlg5QzkzNEU5NDlGRUYxHTAbBgkqhkiG9w0BCQEWDnVzZXJAeGVyb3guY29tghVYUlg5QzkzNEU5NDlGRUYubG9jYWyHBArOQfkwHQYDVR0OBBYEFMmJGzBJIOsjLFdZLeXCDp3CSY1
6MB8GA1UdIwQYMBaAFA5YSZ0ji1KMbT2VVkZ5iGGFcfkbMA0GCSqGSIb3DQEBCwUAA4IBAQB80KwxdBQ2CUwzB3yhxrGfnJ\/+Rn876RYYjG9vMongwqLQxzoMeih5ZYXUzZli4hz+h1LK1v\/Ege\/lnGMJWs5DzyRepcrJfNJyE84fIaiM7ydc4mgf4KSu\/x7gt5qX9YMDRXEHpueX87MCCsZd9AQjFk4qZRY0WhjFRvbThA5GqkFpCqA0X55jQpF7OHcvidnEDSSGJOscxoaULh4nHZ+rmU8zNBk1ygIMcR6kn+pbP+1LRFxtmg9WILz8X+C22fbQoA=="}
00205{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":7,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846909875}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846909875,"packet_id":7,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846909875}
02338{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1522,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":1522,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUABdzoBUAAPQZ1bwrOQfkKzoMSAbvlIcEFsgHOLtklUBAAf385AAALxoVe5\/5I\/GDx\/TXFQSvGZzZlkxxeY6r7JfvE1MO5kSqJIylcqtI3CgZidU7wxPplCb4PCKG\/MIidVTuxRwAE9jCCBPIwggPaoAMCAQICAQIwDQYJKoZIhvcNAQELBQAwgbAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazESMBAGA1UEBwwJUm9jaGVzdGVyMRowGAYDVQQKDBFYZXJveCBDb3Jwb3JhdGlvbjErMCkGA1UECwwiR2VuZXJpYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTExMC8GA1UEAwwoWGVyb3ggR2VuZXJpYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTAgFw0xNTExMTIyMzUyNDBaGA8yMDI0MDQxNTIzNTk1OVowgbAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazESMBAGA1UEBwwJUm9jaGVzdGVyMRowGAYDVQQKDBFYZXJveCBDb3Jwb3JhdGlvbjErMCkGA1UECwwiR2VuZXJpYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTExMC8GA1UEAwwoWGVyb3ggR2VuZXJpYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKt8bDMRhnfwJSIitgDFLpGuBprC4tMhmkGTeBAp8D9tAJoRmr+CQlMBB0pRzAN3w\/GP1z48MoOiOUPMjA0yAQqbt15H+uMuVo4oC0Zl\/CXAy2wCEdlvlnWBzsZx+on5aArVYHxCe638JGA7+LhPXCM+346VJRtjkNd9d11824SziT\/ygbTCBgVVvBQfxWREr4m3OIDTRnRYod7st+aMcTs4X8iIywZyrHXM2eAOP\/xODdJcpVCW5vx+mk6jJj73WVq\/XPDe0cXAxYE8sy6qGWTHvht48XMNGGpEESimKhn1YJiWKYBNbsKu1nbfEzD687rWbkrNMW0Sc\/MsgRTOAUcCAwEAAaOCAREwggENMB0GA1UdDgQWBBQOWEmdI4tSjG09lVZGeYhhhXH5GzCB3QYDVR0jBIHVMIHSgBQOWEmdI4tSjG09lVZGeYhhhXH5G6GBtqSBszCBsDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRIwEAYDVQQHDAlSb2NoZXN0ZXIxGjAYBgNVBAoMEVhlcm94IENvcnBvcmF0aW9uMSswKQYDVQQLDCJHZW5lcmljIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MTEwLwYDVQQDDChYZXJveCBHZW5lcmljIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ggECMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFzBoKpnLrmCU34LZVg1dmsGoHKRK8ICHad1WmoTf8tebjslNeQND+QJaTFr3pX+k42\/n0u56QcCuzaiFTXHUV9FwQBXBhJRCC1Gw8JtD3KZTYD9IBg4q76pwMV3oYIc7yX0hApuPlis99BtrQ9uAJVJiqY61RayEgUpVpo+CewQO
mF5JFd9ewI7lhRF\/1idFtJtNnVamFRvVESZUI+qwjibTBflOWhLITGcO7Wiztv2SGGWMWBXMEA04kzRXHZBKwPrVxAN4fFTRFJV+ONyDQcmGWoouPJiF2sv+h4P7L2o+Dy0iFjKIFY9A5Cg99pRDDKSRMAvCINP6g5IjDcjgJUWAwMDDwwAAwsBAMNj2BphFRDNLN7J8e1RH+Su2MMVc1DB3hpn71wBz6BtmNgWp4+Y2p9CQiEHz4mR1ejIQBfdfvytF2PniPCskclZXrLgsDC4r0hI53ROCdv4P1SZUaFs3carINdEGB1bHf8sdFbtL9NWvyl+LVW75HzWLA=="}
00205{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":8,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846910003}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846910003,"packet_id":8,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846910003}
01291{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":734,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":734,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAAsjoBkAAPQZ4ggrOQfkKzoMSAbvlIcEFt7XOLtklUBgAf3btAAArP3r0rVe0Aym6JLwpOw\/ARwhTpY9aS7jceyqxacIXzRspfll0u1\/NkXDZNHalNI0jifA02VmOaSzhsGzJ03fuqKyyLCUPurWOZCj\/m+yOkMFwArOo4uIOxsENzfQIgKhMCW3YH1KAEc\/D52lgcc5dEHoPQCigIQjo2dWhtfY\/oG4sKNF1rHdnRmXJwxczAAECAQCB0DPstOMfM5F8X5MwgsDlsx2xgwVyLIjRqp9YCi1KiPDkTsRRNZ9DD6t\/ryiWXZAQh9BkHB6TFnEabzzd3ZV133DGDkbN8ivrZ\/z57itpt2v72s73UcOj834+OvBHQFis\/1RjFZ7mfCgZRE7PIBkRRL\/Gn9PLQP0KlGyVBXaYBJTPMozKF3QO3V\/4LEH3gpTFO8WY5zmgwf\/CrWjV7llloR3tiNBaPGJTsW2xi2J6BP1sZieM89wnWuVbN6GqAOFNenvYif3wSlXllxAZenbfAoFQylIORWBw38yjKf3qIiHxBJU4ZxexUo\/O3\/t3hKHDSjcp4a7NNUxFPMsCxeC4AgEBAC3kckI79wHr9Jdk4qPrAuTCIIeE\/qBxvLET0Ua\/Ah37Jo0oIdRWbuCV7ge6meATSbHe7FqMhYpMG23Q4uSTupEwX5lZxUqx\/xIwzx\/AfDOL16722QUiKA21ChDMHjmqP5t7YWazRTsOuyLB6n0u9314zm7LNLRLxx5EGml4HiX5zxmVQR\/KEVEeOD+pMCY0IxlT35RaHC0aLunpBP\/ttxpaC85IzJ+shFeD9zYmMngnHXqhjgcuDFtGQMpQpLUFpMeo2O0rVIMdLlN1ZFuVyYVT661Vjz7ZgC7FvbaJEi5940Vlycu+kXQRVfxPb6IwVbYoX8euxN9GS2WsUJxqmpEWAwMABA4AAAA="}
00205{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":9,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846937133}
00305{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846937133,"packet_id":9,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846937133}
00382{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAACjDTEAAPwad3ArOgxIKzkH55SEBu84u2SXBBbIBUBAfXrSWAAAAAAAAAAA="}
00206{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846938365}
00307{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846938365,"packet_id":10,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846938365}
00383{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAACjoB0AAPQZ7IQrOQfkKzoMSAbvlIcEFulXOLtksUBAAf8saAAAAAAAAAAA="}
00206{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846965822}
00307{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846965822,"packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846965822}
00383{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAACifbEAAPwbBvArOgxIKzkH55SEBu84u2SwAAAAAUAQAAEcBAAAAAAAAAAA="}
00573{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","packets-captured":11,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1557818846965822}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -35,6 +35,6 @@
~~ total memory freed........: 6034017 bytes
~~ total allocations/frees...: 121477/121477
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 210 chars
~~ json string min len.......: 310 chars
~~ json string max len.......: 2343 chars
~~ json string avg len.......: 1275 chars
~~ json string avg len.......: 1325 chars


@@ -1,35 +1,35 @@
00512{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00575{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1505724520744830}
00258{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1505724520744830}
00358{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724520744830,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1505724520744830}
00452{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1505724520744830,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"}
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505724520744830,"flow_src_last_pkt_time":1505724520744830,"flow_dst_last_pkt_time":1505724520744830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505724520744830,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1505724520744830,"flow_dst_last_pkt_time":1505724520744830,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1505724520744830,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"}
00898{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505724520744830,"flow_src_last_pkt_time":1505724520744830,"flow_dst_last_pkt_time":1505724520744830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505724520744830,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1505724520744830,"flow_dst_last_pkt_time":1505724520947456,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1505724520947456,"pkt":"MNF+EIYg\/Ejv6KgaCABFAABgHZ4AAD0Rln6XebkshL70DAhoCGgATAAAMP8APEGxP1xFAAA8AABAADIGm0iXecGgwKiTsQG75IBV2gFiQsba5qAScSDmyQAAAgQFeAQCCAoxbvx\/AAu5rwEDAwc="}
00258{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724521281457}
00358{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724521281457,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724521281457}
00444{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1505724520947456,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcNCoAAEARfD6EvvQMl3m5LAhoCGgASAAAMv8AOAE8W3RxUAAARQAANGNLQABABioFwKiTsZd5waDkgAG7Qsba5lXaAWOAEAHJhFMAAAEBCAoAC7oNMW78fw=="}
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1505724521281457,"flow_dst_last_pkt_time":1505724520947456,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1505724521281457,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcNCoAAEARfD6EvvQMl3m5LAhoCGgASAAAMv8AOAE8W3RxUAAARQAANGNLQABABioFwKiTsZd5waDkgAG7Qsba5lXaAWOAEAHJhFMAAAEBCAoAC7oNMW78fw=="}
00258{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":4,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":513,"expected":517,"global_ts_usec":1505724521624823}
00358{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724521624823,"packet_id":4,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":513,"expected":517,"global_ts_usec":1505724521624823}
00990{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":513,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":513,"pkt_l4_len":0,"thread_ts_usec":1505724521281457,"pkt":"\/Ejvopo\/MNF+D2w+CABFuAHzPsUAAEARcAyEvvQMl3m5LAhoCGgB3wAAMv8BzwE8W3RzUAAARQABy2NMQABABihtwKiTsZd5waDkgAG7Qsba5lXaAWOAGAHJpLIAAAEBCAoAC7oOMW78fxYDAQGSAQABjgMDWb+IaLIesQWIv6YFz4XWzGx5xL0th24F2at6CJidHk8AAQbALMAwAJ\/ArcCfwCTAKABrwArAFAA5wK\/Ao8CHwIvAfcBzwHcAxACIwCvALwCewKzAnsAjwCcAZ8AJwBMAM8CuwKLAhsCKwHzAcsB2AL4ARcAIwBIAFgCrwKfAOACzwDYAkcCRwJvAl8CrAKrApsA3ALLANQCQwJDAlsCawKrANACPAJ3AnQA9ADXAMsAqwA\/ALsAmwAXAocB7AMAAhMCNwHnAicB1AJzAnAA8AC\/AMcApwA7ALcAlwATAoMB6ALoAQcCMwHjAiMB0AArADcADAK0AtwCVwJPAmQCsALYAlMCSwJgAkwCpwKUArwCNwI\/AlcCpAKjApACuAIzAjsCUwKgAiwD\/AQAAXwAAABMAEQAADjE5Mi42OS4xMzYuMTc5AA0AFgAUBgMGAQUDBQEEAwQBAwMDAQIDAgEACgAYABYAGQAcABgAGwAXABYAGgAVABQAEwASAAsAAgEAABYAAAAXAAAAIwAA"}
00258{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":9,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724523243945}
00358{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724523243945,"packet_id":9,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724523243945}
00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1505724522900342,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABccWEAAEARPweEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3R4UAAARQAANGNNQABABioDwKiTsZd5waDkgAG7QsbcfVXaBs+AEAIjeMYAAAEBCAoAC7rNMW7\/7w=="}
00259{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":10,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724523425476}
00359{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724523425476,"packet_id":10,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724523425476}
00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1505724523243945,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcdugAAEAROYCEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3R5UAAARQAANGNOQABABioCwKiTsZd5waDkgAG7QsbcfVXaB5OAEAIjeAIAAAEBCAoAC7rNMW7\/7w=="}
00259{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":11,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":118,"expected":122,"global_ts_usec":1505724523784944}
00359{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724523784944,"packet_id":11,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":118,"expected":122,"global_ts_usec":1505724523784944}
00461{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1505724523425476,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABogi4AAEARLi6EvvQMl3m5LAhoCGgAVAAAMv8ARAE8W3R6UAAARQAAQGNPQABABin1wKiTsZd5waDkgAG7QsbcfVXaB5OwEAIjg6MAAAEBCAoAC7rNMW8EIAEBBQpV2gbPVdoHkw=="}
00259{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":12,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":629,"expected":633,"global_ts_usec":1505724525364548}
00359{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724525364548,"packet_id":12,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":629,"expected":633,"global_ts_usec":1505724525364548}
01149{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":629,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":629,"pkt_l4_len":0,"thread_ts_usec":1505724523784944,"pkt":"\/Ejvopo\/MNF+D2w+CABFuAJnsccAAEAR\/JWEvvQMl3m5LAhoCGgCUwAAMv8CQwE8W3R7UAAARQACP2NQQABABif1wKiTsZd5waDkgAG7QsbcfVXaB5OAGAIjv8IAAAEBCAoAC7rRMW8EIBYDAwIGEAACAgIAmOi+GN3N8UwFIOyGgG7fRoYqddIen6fJLfOoMdGcgjC7EXRuMLo4ueRPzuPNKTKsd0rXjIh8nF1luCtj74M6hLMrC8RgUQ8NtWnU+VyJ5ocLdxtzZF0gGB+1NhUGr48PAz8CyV8iWtZ4r5z1HdzPAjUZcbzNDe0GFdLkO0mrmT1V\/fADZpMXfOis2u6uwZpitz8p9IosL8QiH6+IqUMckXifdvysezYp9tH9I18YsH7HyCm46xkjwyg7bNLoY89xVSe+3KoGnCgNymiAS0DFirvRnfEhZ55M6aVqDHyopcrpE\/p7Ra+JZESNmMF2sYfinmGSLWypwRK8tqaU\/ff99MtBg4KsFRNdp7dUOalIiR2j+\/gLC7fy\/B8rinO1aEkQfPwupPH+TOkI6kU7p6ZpEMlgYUAeUCVVdw2kpGnwan1lhC7pX4eYGUKHCcYnb9WwWjN9kb1rdtJu6KJWHsmxhkqn+5IJXszwezV7EVVZplgJPkRBwWsUatOWpjd9GuEZrUofu+2zRAWb37O45WXULSMfnimMKJd4Xwqcyx7tqMpzzTK7dWYdIkVZW9y5jVbcfrEnX0PFjjBobFRt6z81tve44yNzWQLg\/BhIGmKgyP4ZWrM3REf0v0GIj8wfwr+jHsMczvQifNTnUyyug\/Xc6cQyMh8qaav4EhHbL4l4yFg="}
00259{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":13,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":112,"expected":116,"global_ts_usec":1505724525422029}
00359{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724525422029,"packet_id":13,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":112,"expected":116,"global_ts_usec":1505724525422029}
00454{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":112,"pkt_l4_len":0,"thread_ts_usec":1505724525364548,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABis2MAAEAR\/P6EvvQMl3m5LAhoCGgATgAAMv8APgE8W3R8UAAARQAAOmNRQABABin5wKiTsZd5waDkgAG7QsbeiFXaB5OAGAIjWbAAAAEBCAoAC7rRMW8EIBQDAwABAQ=="}
00259{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":14,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":151,"expected":155,"global_ts_usec":1505724525500430}
00359{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724525500430,"packet_id":14,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":151,"expected":155,"global_ts_usec":1505724525500430}
00505{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":151,"pkt_l4_len":0,"thread_ts_usec":1505724525422029,"pkt":"\/Ejvopo\/MNF+D2w+CABFuACJtcMAAEAR+neEvvQMl3m5LAhoCGgAdQAAMv8AZQE8W3R9UAAARQAAYWNSQABABinRwKiTsZd5waDkgAG7QsbejlXaB5OAGAIj3G8AAAEBCAoAC7rRMW8EIBYDAwAoAAAAAAAAAADM1WLZBbPlOmD9XANW49sO0tmduGTuSuv4J+SEqWJkSA=="}
00259{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":21,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":151,"expected":155,"global_ts_usec":1505724526101283}
00360{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724526101283,"packet_id":21,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":151,"expected":155,"global_ts_usec":1505724526101283}
00505{"packet_event_id":1,"packet_event_name":"packet","packet_id":21,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":151,"pkt_l4_len":0,"thread_ts_usec":1505724525702072,"pkt":"\/Ejvopo\/MNF+D2w+CABFuACJx48AAEAR6KuEvvQMl3m5LAhoCGgAdQAAMv8AZQE8W3SBUAAARQAAYWNTQABABinQwKiTsZd5waDkgAG7QsbejlXaB5OAGAIj26cAAAEBCAoAC7uZMW8EIBYDAwAoAAAAAAAAAADM1WLZBbPlOmD9XANW49sO0tmduGTuSuv4J+SEqWJkSA=="}
00259{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":22,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724526161588}
00360{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724526161588,"packet_id":22,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724526161588}
00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1505724526101283,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcySMAAEAR50SEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SDUAAARQAANGNUQABABin8wKiTsZd5waDkgAG7Qsbeu1XaCFKAEAIjZNIAAAEBCAoAC7vdMW8PEg=="}
00261{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":24,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":1202,"expected":1206,"global_ts_usec":1505724526501623}
00362{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724526501623,"packet_id":24,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":1202,"expected":1206,"global_ts_usec":1505724526501623}
01926{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1202,"pkt_l4_len":0,"thread_ts_usec":1505724526302674,"pkt":"\/Ejvopo\/MNF+D2w+CABFuASk0zUAAEAR2OqEvvQMl3m5LAhoCGgEkAAAMv8EgAE8W3SEUAAARQAEfGNVQABABiWzwKiTsZd5waDkgAG7Qsbeu1XaCIaAGAIjjQIAAAEBCAoAC7viMW8PEhcDAwRDAAAAAAAAAAFJqZsr2XFOAWwXDu0+7Y9vPaXF6QBuCgzG25Q\/KbgqYu88jDq040h3tvc+aLu+DTcTspkgI5XvLXRFxqBxdvTufQDpaiPCYyECwSJhep14pGbJr74Zfc\/j6Av4+JPM7XoLFlKyk030dBFrQrGR3OC0pR3zpNnKaUQjB+tTd4nLUXzWv2mjrWj7pce\/bPzpfedXtz8tcxLvi8SEHscHZsArZDwdeUf5QLLvVFDZNU4ZEQaimEyX15KzM6G5ToQIrvIFXEhAF3dG5oXfA+Ae4WLPSnyb5NwMMF4kDDNIe1ZVjNBxSABFaYjPPiJg0gQg\/+QEqg1CX23cpDZyJxz7smWB9h7xs7H9AygfzY9wASIaEq6DqGATMfMsN3dYWATzH3hum27SvUyhZ75L0k5HqqsoGIfu+LYC1hNDONFV6+lkufq4BpitkoCYAzdbmomEw05OzNlTrWr0XPFYwgNz7thDeUGqO\/xKaUFeEC4Y7Xy1Gc41hkWo54xuUrmAxO9X1\/+gkn+c3MHGrRESux79pmus577Y7Fo4U\/4oJ6luI0bGV303za2qj4yCdXLeQWjtrOGdBBkw\/wBHF5IbYMOF9bJFx68HeOrrn4nYFgmVhrWXDxyY1xWgLDIjRY5UDtLoQjMcM03rPMf1Z8L76UZ2YHFgGbBPU1OGctMjFUx+R73JxaqxVRw4ymshyrqvP9+E3HE7UquBR2x9EQISSgDorx56T92cLWOMHjn+ek1JnoCiwSF6nQ5wDmyw72RptvWz6AU0FUnuqURBs\/Yt3PJfdurGsJxYBs+wDZGPNy41Qf5bJwUyIKMkYqmgYULqkbNWOZxFV99s4+BV262g1PDKETuLCv2a\/bmZ\/xolpL0HSIF0vX2xBElZHZ+hd84KVa1Y1XFdDw8mr7TyDNVUiL3tNunlmrQfdQETgjFhKIaQn6XGF8V1kH05Pfc52o2vbYUaSnIDJWt30SPlvtzw5ruQY4AYjS9\/zvW4ADabvEgwiTZjb2txs6oHyKnVCekE0WjVDCEceBK1aQn6rKOOPXvKdj3iDTl1Ep2O3m+u3pqEIGzMPxhnKMpUTUMR5vH5kQ6XVO3\/\/O3Fv4Gs+QXjMNEsaI4CKiHU5k1Q0MbXxbrvkqD7nzLmoRz\/kTcbg2\/gjB1KRUMXAi27pqag38iFL5LdNl02Bk8czI\/JMSOpzjzmaW1x5HQLihorbExEU6gi6LG\/RLyN0wdxLAEVfUuvGwMzSO969\/mxBBfNydqDsDV4YQiFLRSJTGt9vGEn+QmnSkfZdl3aM1n9v1oUbRwSanCl2G5YkrCo8NVoEuKsjRybURkxyp7cEy1T38EAeIr7HE3lwdlheQG63MqfDiIz7ld4f9Q0nYgQa1Und43tDU8iH72YEZe9PfwwG1sJOBUaECdibU9+goippYdBUnHF+Q41lhVnISz+74wOY0LMuM8="}
00259{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724526501639}
00360{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724526501639,"packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724526501639}
00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1505724526501623,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABc0zYAAEAR3TGEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SFUAAARQAANGNWQABABin6wKiTsZd5waDkgAG7QsbjA1XaCIaAEQIjYE4AAAEBCAoAC7vkMW8PEg=="}
00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":14,"flow_first_seen":1505724520744830,"flow_src_last_pkt_time":1505724526501639,"flow_dst_last_pkt_time":1505724526702991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1160,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2974,"flow_dst_tot_l4_payload_len":2858,"midstream":0,"thread_ts_usec":1505724526702991,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00584{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":5832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1505724526702991}
@@ -45,6 +45,6 @@
~~ total memory freed........: 6036560 bytes
~~ total allocations/frees...: 121515/121515
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 263 chars
~~ json string min len.......: 363 chars
~~ json string max len.......: 1931 chars
~~ json string avg len.......: 1084 chars
~~ json string avg len.......: 1134 chars


@@ -5,9 +5,9 @@
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639425815407353,"flow_dst_last_pkt_time":1639425815407439,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1639425815407439,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADwAAEAAQAYGj6wQ7gqsEO4BH5AHwIo9\/lB5loKyoBJxIDRcAAACBAW0BAIICmhBAYSt+LIaAQMDBw=="}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1639425815408732,"flow_dst_last_pkt_time":1639425815407439,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1639425815408732,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADRjYUAAPQamNawQ7gGsEO4KB8AfkHmWgrKKPf5RgBAB9sqWAAABAQgKrfiyHGhBAYQ="}
01332{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1639425815407353,"flow_src_last_pkt_time":1639425815415338,"flow_dst_last_pkt_time":1639425815407439,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":646,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":646,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639425815415338,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"192.168.13.31","http": {"url":"192.168.13.31:8080\/log4shell\/login","code":0,"content_type":"","user_agent":"jndi:ldap:\/\/172.16.238.11:1389\/a","request_content_type":"application\/x-www-form-urlencoded"}}}
00199{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_usec":1639425815682836}
00299{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1639425815682836,"packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_usec":1639425815682836}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_usec":1639425815415366,"pkt":"AAQAAQAGAkKsEO4KAAAIBgABCAAGBAABAkKsEO4KrBDuCgAAAAAAAKwQ7gs="}
00199{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":7,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_usec":1639425815682948}
00299{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1639425815682948,"packet_id":7,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_usec":1639425815682948}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_usec":1639425815415366,"pkt":"AAAAAQAGAkKsEO4LAAAIBgABCAAGBAACAkKsEO4LrBDuCwJCrBDuCqwQ7go="}
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639425815682954,"flow_src_last_pkt_time":1639425815682954,"flow_dst_last_pkt_time":1639425815682954,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639425815682954,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639425815682954,"flow_dst_last_pkt_time":1639425815682954,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1639425815682954,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADycRUAAQAZqP6wQ7gqsEO4L4TIFbQLNSvsAAAAAoAJyEDRmAAACBAW0BAIICvIpEmgAAAAAAQMDBw=="}
@@ -24,9 +24,9 @@
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1639425815944677,"flow_dst_last_pkt_time":1639425815944677,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1639425815944677,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADw8h0AAQAZP8awQ7goKCgof2HAjKVh5kSAAAAAAoAJyEK5yAAACBAW0BAIICq5YAo8AAAAAAQMDBw=="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1639425815944677,"flow_dst_last_pkt_time":1639425815944820,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1639425815944820,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADwAAEAAQAaMeAoKCh+sEO4KIynYcLp2lFRYeZEhoBJxIK5yAAACBAW0BAIICiCvi5+uWAKPAQMDBw=="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1639425815944860,"flow_dst_last_pkt_time":1639425815944820,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1639425815944860,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADQ8iEAAQAZP+KwQ7goKCgof2HAjKVh5kSG6dpRVgBAA5a5qAAABAQgKrlgCjyCvi58="}
00200{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":35,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_usec":1639425820869730}
00300{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1639425820869730,"packet_id":35,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_usec":1639425820869730}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_usec":1639425815944860,"pkt":"AAAAAQAGAkJ2jzQWAAAIBgABCAAGBAABAkJ2jzQWrBDuAQAAAAAAAKwQ7go="}
00200{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":36,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_usec":1639425820869752}
00300{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1639425820869752,"packet_id":36,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_usec":1639425820869752}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":36,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_usec":1639425815944860,"pkt":"AAQAAQAGAkKsEO4KAAAIBgABCAAGBAACAkKsEO4KrBDuCgJCdo80FqwQ7gE="}
01908{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":65,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1639425815944677,"flow_src_last_pkt_time":1639425823295194,"flow_dst_last_pkt_time":1639425823295146,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":3,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":3,"midstream":0,"thread_ts_usec":1639425823295194,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"data_analysis": {"iat": {"min":46,"avg":474225.3,"max":7288582,"stddev":1789599.0,"var":3202664366080.0,"ent":1.1,"data": [143,183,7288581,7288582,60489,60668,256,174,116,102,89,87,86,86,151,159,99,144,121,87,73,51,50,48,47,46,47,47,47,46,81]},"pktlen": {"min":52,"avg":53.5,"max":60,"stddev":2.2,"var":4.6,"ent":5.0,"data": [60,60,52,55,52,53,52,53,52,53,52,53,52,53,52,53,52,53,52,55,52,57,52,55,52,55,52,55,52,55,52,55]},"bins": {"c_to_s": [17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [4.511636257,5.106626511,4.986606121,5.071912289,4.895165443,4.975576401,4.895165443,4.975576401,4.818242550,4.937840462,4.895165443,4.975576401,4.895165443,4.975576401,4.895165443,4.937840462,4.856703758,4.937840462,4.856703758,4.947280407,4.856703758,5.028079987,4.803725243,5.020007610,4.856703758,4.983644009,4.856703758,5.020007610,4.856703758,5.020007610,4.856703758,4.910916805]}}
00814{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":65,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1639425815944677,"flow_src_last_pkt_time":1639425823295194,"flow_dst_last_pkt_time":1639425823295146,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":3,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":3,"midstream":0,"thread_ts_usec":1639425823295194,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","encrypted":0,"breed":"Unrated"}}
@@ -65,6 +65,6 @@
~~ total memory freed........: 6065147 bytes
~~ total allocations/frees...: 121998/121998
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 204 chars
~~ json string min len.......: 304 chars
~~ json string max len.......: 1913 chars
~~ json string avg len.......: 1057 chars
~~ json string avg len.......: 1107 chars


@@ -1,69 +1,45 @@
00497{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1550422828553466}
00243{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422828553466}
00343{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422828553466,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422828553466}
00428{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1550422828553466,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="}
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422828553466,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1550422828553466,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1550422828553466,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1550422828553466,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="}
00879{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422828553466,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1550422828553466,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00243{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422828949487}
00343{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422828949487,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422828949487}
00428{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1550422828553466,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1550422828949487,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1550422828949487,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="}
00243{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422829033309}
00343{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422829033309,"packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422829033309}
00428{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1550422828949487,"pkt":"AAAAcxs8EFFy5LtdCABFeABcSu8AAEARqzyRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPOcwAARQAANFklQAB\/BgGPrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBbTMAAAEBBQo6qnTxOqqQSQ=="}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1550422829033309,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1550422829033309,"pkt":"AAAAcxs8EFFy5LtdCABFeABcSu8AAEARqzyRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPOcwAARQAANFklQAB\/BgGPrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBbTMAAAEBBQo6qnTxOqqQSQ=="}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":14,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422830892428}
00344{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422830892428,"packet_id":14,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422830892428}
00438{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1550422829930010,"pkt":"AAAAcxs8EFFy5LtdCABFeABkrHMAAEARSbCRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPacwAARQAAPFkxQAB\/BgF7rBEkFT++kSvhEwBQ8LOPBjqqVCGgEAEB\/lMAAAEBBRI6qmoBOqpveTqqdPE6qpBJ"}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":16,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422831332137}
00344{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422831332137,"packet_id":16,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422831332137}
00437{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1550422830894938,"pkt":"AAAAcxs8EFFy5LtdCABFeABkPGYAAEARub2RTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPbcwAARQAAPFkyQAB\/BgF6rBEkFT++kSvhEwBQ8LOPBjqqVCGgEAEBA8wAAAEBBRI6qmSJOqpveTqqdPE6qpBJ"}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":24,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422831496038}
00344{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422831496038,"packet_id":24,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422831496038}
00450{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422831334845,"pkt":"AAAAcxs8EFFy5LtdCABFeABsdA0AAEARgg6RTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPccwAARQAARFkzQAB\/BgFxrBEkFT++kSvhEwBQ8LOPBjqqVCHAEAEBaSwAAAEBBRo6qn\/hOqqFWTqqdPE6qpBJOqpkiTqqb3k="}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":25,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422831516116}
00344{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422831516116,"packet_id":25,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422831516116}
00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422831496038,"pkt":"AAAAcxs8EFFy5LtdCABFeABseqMAAEARe3iRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPdcwAARQAARFk0QAB\/BgFwrBEkFT++kSvhEwBQ8LOPBjqqVCHAEAEBXjwAAAEBBRo6qoVZOqqK0TqqdPE6qpBJOqpkiTqqb3k="}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":26,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422833131470}
00344{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422833131470,"packet_id":26,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422833131470}
00438{"packet_event_id":1,"packet_event_name":"packet","packet_id":26,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1550422831516116,"pkt":"AAAAcxs8EFFy5LtdCABFeABkmSIAAEARXQGRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPqcwAARQAAPFk9QAB\/BgFvrBEkFT++kSvhEwBQ8LOPBjqqWZmgEAEB\/lMAAAEBBRI6qnTxOqqQSTqqZIk6qm95"}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":30,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422833287234}
00344{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422833287234,"packet_id":30,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422833287234}
00437{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1550422833134009,"pkt":"AAAAcxs8EFFy5LtdCABFeABkzGMAAEARKcCRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPrcwAARQAAPFk+QAB\/BgFurBEkFT++kSvhEwBQ8LOPBjqqXxGgEAEB+NsAAAEBBRI6qnTxOqqQSTqqZIk6qm95"}
02140{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422833287234,"flow_dst_last_pkt_time":1550422833289770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":640,"flow_dst_tot_l4_payload_len":27912,"midstream":0,"thread_ts_usec":1550422833289770,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":1,"avg":305486.2,"max":1859119,"stddev":563984.9,"var":318078976000.0,"ent":3.1,"data": [396021,83822,1376171,124,2,2,1,3,2,2,113,124,1859119,964928,439709,439658,123,2,1,1,1,121,163901,20078,1615354,1799040,121,3,155764,155637,124]},"pktlen": {"min":76,"avg":920.2,"max":1476,"stddev":651.3,"var":424215.9,"ent":4.5,"data": [92,92,92,1476,1476,1476,1476,1476,1476,1476,1476,1476,1476,100,1476,100,1476,1476,1476,1476,1372,1476,1476,108,108,100,76,388,1164,100,76,388]},"bins": {"c_to_s": [0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,17,0,0]},"directions": [0,0,0,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,1,1,1,1,1,0,0,0,1,1,1,0,1,1],"entropies": 
[5.396138191,5.404344082,5.439617157,7.876337528,7.839885235,7.778254986,7.872960091,7.839048862,7.805950642,7.829119205,7.848347187,7.849987984,7.779471874,5.402985096,7.775711060,5.441986561,7.838281155,7.873279095,7.848281860,7.860656261,7.849815845,7.850412846,7.844122410,5.518630505,5.537148952,5.382984638,5.187358379,7.340617657,7.811021328,5.454438686,5.151109695,7.382753849]},"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":34,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422833447409}
00345{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422833447409,"packet_id":34,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422833447409}
00450{"packet_event_id":1,"packet_event_name":"packet","packet_id":34,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422833289895,"pkt":"AAAAcxs8EFFy5LtdCABFeABsAdEAAEAR9EqRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPscwAARQAARFk\/QAB\/BgFlrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBHQQAAAEBBRo6qqCxOqqlwTqqdPE6qpBJOqpkiTqqb3k="}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":35,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834706876}
00345{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422834706876,"packet_id":35,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834706876}
00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422833447409,"pkt":"AAAAcxs8EFFy5LtdCABFeABspBUAAEARUgaRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP1cwAARQAARFlIQAB\/BgFcrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBG8wAAAEBBRo6qqCxOqqm+TqqdPE6qpBJOqpkiTqqb3k="}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":36,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834810623}
00345{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422834810623,"packet_id":36,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834810623}
00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":36,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422834706876,"pkt":"AAAAcxs8EFFy5LtdCABFeABswggAAEARNBORTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP3cwAARQAARFlJQAB\/BgFbrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBF4wAAAEBBRo6qqCxOqqrOTqqdPE6qpBJOqpkiTqqb3k="}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":37,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834810623}
00345{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422834810623,"packet_id":37,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834810623}
00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":37,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422834810623,"pkt":"AAAAcxs8EFFy5LtdCABFeABswgkAAEARNBKRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP4cwAARQAARFlKQAB\/BgFarBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBFlQAAAEBBRo6qqCxOqqscTqqdPE6qpBJOqpkiTqqb3k="}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":38,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834970446}
00345{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422834970446,"packet_id":38,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834970446}
00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422834810623,"pkt":"AAAAcxs8EFFy5LtdCABFeABsCZYAAEAR7IWRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP6cwAARQAARFlLQAB\/BgFZrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBEhQAAAEBBRo6qqCxOqqwsTqqdPE6qpBJOqpkiTqqb3k="}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":49,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":130,"expected":134,"global_ts_usec":1550422836805918}
00345{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422836805918,"packet_id":49,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":130,"expected":134,"global_ts_usec":1550422836805918}
00461{"packet_event_id":1,"packet_event_name":"packet","packet_id":49,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":130,"pkt_l4_len":0,"thread_ts_usec":1550422835423571,"pkt":"AAAAcxs8EFFy5LtdCABFeAB0ec4AAEARfEWRTALsu2A0VQhoCGgAYAAAMv8AUAn8kEMGdAAARQAATFlXQAB\/BgFFrBEkFT++kSvhEwBQ8LOPBjqqXxHgEAEBriQAAAEBBSI6qmSJOqpqATqqZIk6qm95OqqgsTqqsLE6qnTxOqqQSQ=="}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":51,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422837968976}
00345{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422837968976,"packet_id":51,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422837968976}
00437{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1550422836808446,"pkt":"AAAAcxs8EFFy5LtdCABFeABkCt4AAEAR60WRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMOdAAARQAAPFlfQAB\/BgFNrBEkFT++kSvhEwBQ8LOPBjqqb3mgEAEBaxMAAAEBBRI6qqCxOqqwsTqqdPE6qpBJ"}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":54,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422838904895}
00429{"packet_event_id":1,"packet_event_name":"packet","packet_id":54,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1550422837971380,"pkt":"AAAAcxs8EFFy5LtdCABFeABcQ5AAAEARspuRTALsu2A0VQhoCGgASAAAMv8AOAn8kEMUdAAARQAANFllQAB\/BgFPrBEkFT++kSvhEwBQ8LOPBjqqkEmAEAEB5OIAAAEBBQo6qqCxOqqwsQ=="}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":57,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422838960483}
00429{"packet_event_id":1,"packet_event_name":"packet","packet_id":57,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1550422838907386,"pkt":"AAAAcxs8EFFy5LtdCABFeABcVMgAAEARoWORTALsu2A0VQhoCGgASAAAMv8AOAn8kEMVdAAARQAANFlmQAB\/BgFOrBEkFT++kSvhEwBQ8LOPBjqqlcGAEAEB32oAAAEBBQo6qqCxOqqwsQ=="}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":59,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422840104736}
00429{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1550422838963083,"pkt":"AAAAcxs8EFFy5LtdCABFeABc4ZkAAEARFJKRTALsu2A0VQhoCGgASAAAMv8AOAn8kEMfdAAARQAANFlvQAB\/BgFFrBEkFT++kSvhEwBQ8LOPBjqqlcGAEAEB5OIAAAEBBQo6qps5OqqwsQ=="}
00242{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":60,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":94,"expected":98,"global_ts_usec":1550422840304141}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":1550422840104736,"pkt":"AAAAcxs8EFFy5LtdCABFeABQIPEAAEAR1UaRTALsu2A0VQhoCGgAPAAAMv8ALAn8kEMgdAAARQAAKFlwQAB\/BgFQrBEkFT++kSvhEwBQ8LOPBjqqsLFQEAEBwUkAAA=="}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":71,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422840464152}
00429{"packet_event_id":1,"packet_event_name":"packet","packet_id":71,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1550422840306564,"pkt":"AAAAcxs8EFFy5LtdCABFeABcV2kAAEARnsKRTALsu2A0VQhoCGgASAAAMv8AOAn8kEMhdAAARQAANFlxQAB\/BgFDrBEkFT++kSvhEwBQ8LOPBjqqsLGAEAEB5OIAAAEBBQo6qpXBOqqbOQ=="}
00242{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":72,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":94,"expected":98,"global_ts_usec":1550422841363459}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":1550422840464152,"pkt":"AAAAcxs8EFFy5LtdCABFeABQeDYAAEARfgGRTALsu2A0VQhoCGgAPAAAMv8ALAn8kEMndAAARQAAKFl3QAB\/BgFJrBEkFT++kSvhEwBQ8LOPBjqqtilQEAEBu9EAAA=="}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":75,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422841387384}
00429{"packet_event_id":1,"packet_event_name":"packet","packet_id":75,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1550422841366048,"pkt":"AAAAcxs8EFFy5LtdCABFeABcgJcAAEARdZSRTALsu2A0VQhoCGgASAAAMv8AOAn8kEModAAARQAANFl4QAB\/BgE8rBEkFT++kSvhEwBQ8LOPBjqqtimAEAEBiLoAAAEBBQo6qsEZOqrGkQ=="}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":76,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422841667515}
00437{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1550422841387384,"pkt":"AAAAcxs8EFFy5LtdCABFeABk3UcAAEARGNyRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMpdAAARQAAPFl5QAB\/BgEzrBEkFT++kSvhEwBQ8LOPBjqqtimgEAEBStoAAAEBBRI6qtGBOqrW+TqqwRk6qsaR"}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":77,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422841947169}
00437{"packet_event_id":1,"packet_event_name":"packet","packet_id":77,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1550422841667515,"pkt":"AAAAcxs8EFFy5LtdCABFeABkO3EAAEARurKRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMqdAAARQAAPFl6QAB\/BgEyrBEkFT++kSvhEwBQ8LOPBjqqtimgEAEBRWIAAAEBBRI6qsEZOqrMCTqq0YE6qtb5"}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":78,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422842802966}
00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422841947169,"pkt":"AAAAcxs8EFFy5LtdCABFeABsXowAAEARl4+RTALsu2A0VQhoCGgAWAAAMv8ASAn8kEMydAAARQAARFmBQAB\/BgEjrBEkFT++kSvhEwBQ8LOPBjqqtinAEAEB0NEAAAEBBRo6quzZOqryUTqqwRk6qswJOqrRgTqq1vk="}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":79,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422842862838}
00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422842802966,"pkt":"AAAAcxs8EFFy5LtdCABFeABsdGMAAEARgbiRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEMzdAAARQAARFmCQAB\/BgEirBEkFT++kSvhEwBQ8LOPBjqqtinAEAEB1kkAAAEBBRo6qudhOqryUTqqwRk6qswJOqrRgTqq1vk="}
00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422844222036}
00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422842865363,"pkt":"AAAAcxs8EFFy5LtdCABFeABsUeoAAEARpDGRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEM8dAAARQAARFmLQAB\/BgEZrBEkFT++kSvhEwBQ8LOPBjqqu6HAEAEB0NEAAAEBBRo6qudhOqryUTqqwRk6qswJOqrRgTqq1vk="}
00930{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":54,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422844222036,"flow_dst_last_pkt_time":1550422844224430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2008,"flow_dst_tot_l4_payload_len":72488,"midstream":0,"thread_ts_usec":1550422844224430,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","packets-captured":82,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_usec":1550422844224430}
00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","packets-captured":82,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1550422844224430}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 82/82
~~ skipped flows.............: 0
@@ -76,6 +52,6 @@
~~ total memory freed........: 6038155 bytes
~~ total allocations/frees...: 121570/121570
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 247 chars
~~ json string min len.......: 348 chars
~~ json string max len.......: 2145 chars
~~ json string avg len.......: 1195 chars
~~ json string avg len.......: 1245 chars


@@ -5,9 +5,9 @@
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076252936094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076252936094,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
01583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1464076252948094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":844,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":844,"pkt_l4_len":824,"thread_ts_usec":1464076252948094,"pkt":"RQADTL4fQAA8BqsFrB9OgawdK8kjTwICdUbSxTedTUKAGABzuVAAAAEBCAoozL9lkELg+DwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45MjY0NzUrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ0IFNSQ0ggYXR0cj1vYmplY3RDbGFzcyB1aWQgdXNlclBhc3N3b3JkIHVpZE51bWJlciBnaWROdW1iZXIgZ2Vjb3MgaG9tZURpcmVjdG9yeSBsb2dpblNoZWxsIGtyYlByaW5jaXBhbE5hbWUgY24gbW9kaWZ5VGltZXN0YW1wIG1vZGlmeVRpbWVzdGFtcCBzaGFkb3dMYXN0Q2hhbmdlIHNoYWRvd01pbiBzaGFkb3dNYXggc2hhZG93V2FybmluZyBzaGFkb3dJbmFjdGl2ZSBzaGFkb3dFeHBpcmUgc2hhZG93RmxhZyBrcmJMYXN0UHdkQ2hhbmdlIGtyYlBhc3N3b3JkRXhwaXJhdGlvbiBwd2RBdHRyaWJ1dGUgYXV0aG9yaXplZFNlcnZpY2UgYWNjb3VudEV4cGlyZXMgdXNlckFjY291bnRDb250cm9sIG5zQWNjb3VudExvY2sgaG9zdCBsb2dpbkRpc2FibGVkIGxvZ2luRXhwaXJhdGlvblRpbWUgbG9naW5BbGxvd2VkVGltZU1hcAo8MTY3PjIwMTYtMDUtMjRUMDk6NTA6NTIuOTI2NDgxKzAyOjAwIGxkYXAwMSBzbGFwZFszNDUzNF06IGNvbm49MTE1OTAyMyBvcD00NCBFTlRSWSBkbj0idWlkPXRvb2xib3gsb3U9YWMtYWl4LW1hcnNlaWxsZSxvdT1pbnRlcm5lLG91PXBlb3BsZSxkYz1pbixkYz1waG0sZGM9ZWR1Y2F0aW9uLGRjPWdvdXYsZGM9ZnIiCjwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45MjY0ODYrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ0IFNFQVJDSCBSRVNVTFQgdGFnPTEwMSBlcnI9MCBuZW50cmllcz0xIHRleHQ9Cg=="}
00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1464076252968094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":303,"pkt_l4_len":283,"thread_ts_usec":1464076252968094,"pkt":"RQABL74gQAA8Bq0hrB9OgawdK8kjTwICdUbV3TedTUKAGABzb+4AAAEBCAoozL94kELhBTwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45NTc4OTUrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ1IFNSQ0ggYmFzZT0ib3U9Z3JvdXBlcyxkYz1pbixkYz1waG0sZGM9ZWR1Y2F0aW9uLGRjPWdvdXYsZGM9ZnIiIHNjb3BlPTIgZGVyZWY9MCBmaWx0ZXI9IigmKG1lbWJlclVpZD10b29sYm94KShvYmplY3RDbGFzcz1wb3NpeEdyb3VwKShjbj0qKSgmKGdpZE51bWJlcj0qKSghKGdpZE51bWJlcj0wKSkpKSIK"}
00254{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":12,"packet_id":6,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1084,"global_ts_usec":1464076253006101}
00354{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":12,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1464076253006101,"packet_id":6,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1084,"global_ts_usec":1464076253006101}
01640{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1010,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1010,"pkt_l4_len":0,"thread_ts_usec":1464076252992093,"pkt":"RQAEPL4jQAA8BqoRrB9OgawdK8kjTwICdUbbRzedTUKAGABzdzIAAAEBCAoozL+dkELhMTwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45ODc5MjgrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ3IFNSQ0ggYmFzZT0ib3U9cGVvcGxlLGRjPWluLGRjPXBobSxkYz1lZHVjYXRpb24sZGM9Z291dixkYz1mciIgc2NvcGU9MiBkZXJlZj0wIGZpbHRlcj0iKCYodWlkPXRvb2xib3gpKG9iamVjdENsYXNzPXBvc2l4QWNjb3VudCkoJih1aWROdW1iZXI9KikoISh1aWROdW1iZXI9MCkpKSkiCjwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45ODc5NDMrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ3IFNSQ0ggYXR0cj1vYmplY3RDbGFzcyB1aWQgdXNlclBhc3N3b3JkIHVpZE51bWJlciBnaWROdW1iZXIgZ2Vjb3MgaG9tZURpcmVjdG9yeSBsb2dpblNoZWxsIGtyYlByaW5jaXBhbE5hbWUgY24gbW9kaWZ5VGltZXN0YW1wIG1vZGlmeVRpbWVzdGFtcCBzaGFkb3dMYXN0Q2hhbmdlIHNoYWRvd01pbiBzaGFkb3dNYXggc2hhZG93V2FybmluZyBzaGFkb3dJbmFjdGl2ZSBzaGFkb3dFeHBpcmUgc2hhZG93RmxhZyBrcmJMYXN0UHdkQ2hhbmdlIGtyYlBhc3N3b3JkRXhwaXJhdGlvbiBwd2RBdHRyaWJ1dGUgYXV0aG9yaXplZFNlcnZpY2UgYWNjb3VudEV4cGlyZXMgdXNlckFjY291bnRDb250cm9sIG5zQWNjb3VudExvY2sgaG9zdCBsb2dpbkRpc2FibGVkIGxvZ2luRXhwaXJhdGlvblRpbWUgbG9naW5BbGxvd2VkVGltZU1hcAo8MTY3PjIwMTYtMDUtMjRUMDk6NTA6NTIuOTg3OTQ5KzAyOjAwIGxkYXAwMSBzbGFwZFszNDUzNF06IGNvbm49MTE1OTAyMyBvcD00NyBFTlRSWSBkbj0idWlkPXRvb2xib3gsb3U9YWMtYWl4LW1hcnNlaWxsZSxvdT1pbnRlcm5lLG91PXBlb3BsZSxkYz1pbixkYz1waG0sZGM9ZWR1Y2F0aW9uLGRjPWdvdXYsZGM9ZnIiCjwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45ODc5NTMrMDI6MDAgbGRhcDAxIHNsYXA="}
00254{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":12,"packet_id":7,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1400,"global_ts_usec":1464076253008101}
00354{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":12,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1464076253008101,"packet_id":7,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1400,"global_ts_usec":1464076253008101}
01640{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1010,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1010,"pkt_l4_len":0,"thread_ts_usec":1464076253006101,"pkt":"RQAFeL4kQAA8BqjUrB9OgawdK8kjTwICdUbfTzedTUKAEABzI2UAAAEBCAoozL+fkELhMTwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45OTYwNzYrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ4IFNSQ0ggYmFzZT0ib3U9Z3JvdXBlcyxkYz1pbixkYz1waG0sZGM9ZWR1Y2F0aW9uLGRjPWdvdXYsZGM9ZnIiIHNjb3BlPTIgZGVyZWY9MCBmaWx0ZXI9IigmKG1lbWJlclVpZD10b29sYm94KShvYmplY3RDbGFzcz1wb3NpeEdyb3VwKShjbj0qKSgmKGdpZE51bWJlcj0qKSghKGdpZE51bWJlcj0wKSkpKSIKPDE2Nz4yMDE2LTA1LTI0VDA5OjUwOjUyLjk5NjA5MSswMjowMCBsZGFwMDEgc2xhcGRbMzQ1MzRdOiBjb25uPTExNTkwMjMgb3A9NDggU1JDSCBhdHRyPW9iamVjdENsYXNzIGNuIHVzZXJQYXNzd29yZCBnaWROdW1iZXIgbW9kaWZ5VGltZXN0YW1wIG1vZGlmeVRpbWVzdGFtcAo8MTY3PjIwMTYtMDUtMjRUMDk6NTA6NTIuOTk2MDk2KzAyOjAwIGxkYXAwMSBzbGFwZFszNDUzNF06IGNvbm49MTE1OTAyMyBvcD00OCBFTlRSWSBkbj0iY249aW50c2lyLWFkbWlucyxvdT1ncm91cGVzLGRjPWluLGRjPXBobSxkYz1lZHVjYXRpb24sZGM9Z291dixkYz1mciIKPDE2Nz4yMDE2LTA1LTI0VDA5OjUwOjUyLjk5NjEwMSswMjowMCBsZGFwMDEgc2xhcGRbMzQ1MzRdOiBjb25uPTExNTkwMjMgb3A9NDggU0VBUkNIIFJFU1VMVCB0YWc9MTAxIGVycj0wIG5lbnRyaWVzPTEgdGV4dD0KPDE2Nz4yMDE2LTA1LTI0VDA5OjUwOjUyLjk5NzMzMCswMjowMCBsZGFwMDEgc2xhcGRbMzQ1MzRdOiBjb25uPTExNTkwMjMgb3A9NDkgU1JDSCBiYXNlPSJvdT1ncm91cGVzLGRjPWluLGRjPXBobSxkYz1lZHVjYXRpb24sZGM9Z291dixkYz1mciIgc2NvcGU9MiBkZXJlZj0wIGZpbHRlcj0iKCYoZ2lkTnVtYmVyPTYwMDAxKShvYmplY3RDbGFzcz1wb3NpeEdyb3VwKShjbj0qKSgmKGdpZE51bWJlcj0qKSghKGdpZE51bWJlcj0wKSkpKSIKPDE2Nz4yMDE2LTA1LTI0VDA5OjU="}
00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076253018101,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":958,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4939,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076253018101,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00574{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":4939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1464076253018101}
@@ -23,6 +23,6 @@
~~ total memory freed........: 6036009 bytes
~~ total allocations/frees...: 121496/121496
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 259 chars
~~ json string min len.......: 359 chars
~~ json string max len.......: 1645 chars
~~ json string avg len.......: 951 chars
~~ json string avg len.......: 1000 chars


@@ -504,7 +504,7 @@
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970665893094,"flow_src_last_pkt_time":1431970665893094,"flow_dst_last_pkt_time":1431970665893094,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970665893094,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_src_last_pkt_time":1431970665893094,"flow_dst_last_pkt_time":1431970665893094,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1431970665893094,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9lmMAAEARmbbAqAEinTfrlDLdnGEAKXtSe2sCw7Vy\/6hHK2XTagfLmixWAHOAd\/loE1p\/EyV7QPa1"}
00900{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970665893094,"flow_src_last_pkt_time":1431970665893094,"flow_dst_last_pkt_time":1431970665893094,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970665893094,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","proto_id":"125.38","encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","layer_type":94,"global_ts_usec":1431970666370007}
00295{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1431970666370007,"packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","layer_type":94,"global_ts_usec":1431970666370007}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":100,"pkt_type":94,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":100,"pkt_l4_len":0,"thread_ts_usec":1431970666274816,"pkt":"AQAMzMzMJKQ8\/kzXAF6qqgMAAAwgAAF4S2kAAQAOQWlyR2F0ZXdheQACABEAAAABAQHMAATAqAHbAAQACAAAAAIABQAQQWlyR1cudjEuMC4zAAYAB0FHVwADAAdicjAA\/wAFLg=="}
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970666902808,"flow_src_last_pkt_time":1431970666902808,"flow_dst_last_pkt_time":1431970666902808,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970666902808,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_src_last_pkt_time":1431970666902808,"flow_dst_last_pkt_time":1431970666902808,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1431970666902808,"pkt":"0NQSxnP1PBXCt3IOCABFAABAb9VAAEAG6VLAqAEinTeCjsg3nEXoG0e9AAAAALAC\/\/9+tAAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"}
@@ -1398,6 +1398,6 @@
~~ total memory freed........: 6743370 bytes
~~ total allocations/frees...: 126585/126585
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 200 chars
~~ json string min len.......: 300 chars
~~ json string max len.......: 2283 chars
~~ json string avg len.......: 1241 chars
~~ json string avg len.......: 1291 chars


@@ -1,16 +1,16 @@
00496{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"someip_sd_sample.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"someip_sd_sample.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1559741544964106}
00207{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","datalink":192,"packet_id":1,"source":"someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741544964106}
00307{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","datalink":192,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741544964106,"packet_id":1,"source":"someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741544964106}
00433{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"someip_sd_sample.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAAEAXgIDBQBUr+cDQAgARQAAVAAAQAD\/EXSfwKhYSesCAwV3GncaAEDieP\/\/gQAAAAAwAAAAAwEBAgDAAAAAAAAAEAEAABAA6wAAAQAAHgAAAAAAAAAMAAkEAMCoWEkAEcNQ"}
00207{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","datalink":192,"packet_id":2,"source":"someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545065160}
00307{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","datalink":192,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741545065160,"packet_id":2,"source":"someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545065160}
00433{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"someip_sd_sample.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAABUr+cDQABUr+cDAAgARQAAVAAAQAD\/EUmxwKhYTcCoWEl3GncaAECLdf\/\/gQAAAAAwAAAAAwEBAgDAAAAAAAAAEAYAABAA6wAAAQAAHgAAAAEAAAAMAAkEAMCoWE0AEepg"}
00207{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","datalink":192,"packet_id":3,"source":"someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545065225}
00307{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","datalink":192,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741545065225,"packet_id":3,"source":"someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545065225}
00418{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"someip_sd_sample.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":102,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":102,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAABUr+cDAABUr+cDQAgARQAASAAAQAD\/EUm9wKhYScCoWE13GncaADSSJ\/\/\/gQAAAAAkAAAAAgEBAgDAAAAAAAAAEAcAAAAA6wAAAQAAHgAAAAEAAAAA"}
00207{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","datalink":192,"packet_id":4,"source":"someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545764092}
00307{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","datalink":192,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741545764092,"packet_id":4,"source":"someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545764092}
00434{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"someip_sd_sample.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAAEAXgIDBQBUr+cDQAgARQAAVAAAQAD\/EXSfwKhYSesCAwV3GncaAEDid\/\/\/gQAAAAAwAAAABAEBAgDAAAAAAAAAEAEAABAA6wAAAQAAHgAAAAAAAAAMAAkEAMCoWEkAEcNQ"}
00207{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","datalink":192,"packet_id":5,"source":"someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545865172}
00307{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","datalink":192,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741545865172,"packet_id":5,"source":"someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545865172}
00433{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"someip_sd_sample.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAABUr+cDQABUr+cDAAgARQAAVAAAQAD\/EUmxwKhYTcCoWEl3GncaAECLdP\/\/gQAAAAAwAAAABAEBAgDAAAAAAAAAEAYAABAA6wAAAQAAHgAAAAEAAAAMAAkEAMCoWE0AEepg"}
00207{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","datalink":192,"packet_id":6,"source":"someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545865698}
00307{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","datalink":192,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741545865698,"packet_id":6,"source":"someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545865698}
00417{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"someip_sd_sample.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":102,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":102,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAABUr+cDAABUr+cDQAgARQAASAAAQAD\/EUm9wKhYScCoWE13GncaADSSJv\/\/gQAAAAAkAAAAAwEBAgDAAAAAAAAAEAcAAAAA6wAAAQAAHgAAAAEAAAAA"}
00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"someip_sd_sample.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1559741545865698}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -25,6 +25,6 @@
~~ total memory freed........: 6034017 bytes
~~ total allocations/frees...: 121477/121477
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 212 chars
~~ json string min len.......: 312 chars
~~ json string max len.......: 567 chars
~~ json string avg len.......: 388 chars
~~ json string avg len.......: 438 chars


@@ -48,7 +48,7 @@
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389961548711,"flow_src_last_pkt_time":1437389961548711,"flow_dst_last_pkt_time":1437389961548711,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389961548711,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1437389961548711,"flow_dst_last_pkt_time":1437389961548711,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1437389961548711,"pkt":"hCYVPnXEIImEa8W6CABFAAApPndAAIAGAKbAqAFkQOm4vArHFGzE+CH9edXaGlAQAPyZDAAAAA=="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1437389961548711,"flow_dst_last_pkt_time":1437389961598805,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1437389961598805,"pkt":"IImEa8W6hCYVPnXECABFAAA0aJ8AACgGbnNA6bi8wKgBZBRsCsd51doaxPgh\/oAQAXGUkwAAAQEFCsT4If3E+CH+"}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":28,"source":"starcraft_battle.pcap","alias":"nDPId-test","layer_type":35020,"global_ts_usec":1437389962628618}
00297{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1437389962628618,"packet_id":28,"source":"starcraft_battle.pcap","alias":"nDPId-test","layer_type":35020,"global_ts_usec":1437389962628618}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":28,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":35020,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_usec":1437389961598805,"pkt":"AYDCAAAOIImEa8W6iMwCBwQgiYRrxboEBwMgiYRrxboGAg4R\/gkAEg8BAwABAAD+BwASuwEAAQEAAA=="}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389963466906,"flow_src_last_pkt_time":1437389963466906,"flow_dst_last_pkt_time":1437389963466906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":381,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":381,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437389963466906,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01017{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1437389963466906,"flow_dst_last_pkt_time":1437389963466906,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"thread_ts_usec":1437389963466906,"pkt":"AQBef\/\/6hCYVPnXECABFAAGZAABAAAERxbPAqAH+7\/\/\/+pbNB2wBhW9zTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTYwDQpsT0NBVElPTjogaHR0cDovLzE5Mi4xNjguMS4yNTQ6NTcwNTIvcm9vdERlc2MwLnhtbA0KU0VSVkVSOiBFUElDRU5UUk8gVVBuUC8xLjAgTWluaVVQblBkLzEuNg0KTlQ6IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpVU046IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpOVFM6IHNzZHA6YWxpdmUNCk9QVDogImh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7DQowMS1OTFM6IDENCkJPT1RJRC5VUE5QLk9SRzogMQ0KQ09ORklHSUQuVVBOUC5PUkc6IDEzMzcNCg0K"}
@@ -328,6 +328,6 @@
~~ total memory freed........: 6177497 bytes
~~ total allocations/frees...: 122936/122936
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 202 chars
~~ json string min len.......: 302 chars
~~ json string max len.......: 2346 chars
~~ json string avg len.......: 1274 chars
~~ json string avg len.......: 1324 chars


@@ -1,7 +1,7 @@
00486{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"syslog.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":108743144}
00272{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":108743144,"packet_id":1,"source":"syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":108743144}
01206{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"syslog.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":703,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":703,"pkt_l4_len":0,"thread_ts_usec":108743144,"pkt":"ABczYQAA4KHXGMJziGQRABs9AqsAIUW0AqkAAEAAQBEKT1+I8jZdFH5uAgICAgKVMFQ8MjY+SmFuIDAxIDAwOjAxOjQ3IG5iNiBuYmQ6IDAxPTc7MDM9OTUuMTM2LjI0Mi41NDswND1OQjYtRlhDLXIyOzA1PUUwQTFENzE4QzI3MDswNj0xMDc7MjA9MTsyOT05NS4xMzYuMjQyLjU0OzJBPU5CNi1CT09UTE9BREVSLVIxLjMyLjBfTkI2LU1BSU4tUjMuMy40X05CNi1SRVNDVUUtUjMuMS44X05CNi1BRFNMLUEycEQwMzVwX05CNi1DT05GSUctUjMuMy40LjI7MDc9NDA7MDg9MTA7MEE9MTQwMTA7MEI9MTEyODswQz0xNjAwMDswRD0xMDY4OzBFPTMzLjA7MEY9MTguNDsxMj02LjI7MTM9Ni44OzE0PTE5Ljg7MTU9MTIuMTsxNj0wOzE3PTA7MTg9MDsxOT0wOzFCPTE7MUM9QURTTDIrOzFEPTA7MUU9YXV0bzsxRj0xOzIxPTA7MjI9Mzk7MjM9MDsyND0yNjs0Qj0zOzRDPTA7NEQ9MjQ3Mzg7NEU9MzEzNTE2OzRGPTA7NTA9MDs1MT0wOzUyPTA7MTA9MTsxMT00OzMwPTA7MzE9MDszMj0yOzMzPTI7MzQ9MDszNT0wOzM2PTA7NDE9MDs0Mj11bmtub3duOzdDPTA7N0Q9dW5rbm93bjsyRD11bmtub3duOzJGPXVua25vd247Mzk9MDszQT0wOzQ0PTQ5OzQ2PTQ5OzQ4PTQ5OzNCPTA7M0M9MDszRD0wOzNFPTA7M0Y9MDs0MD0wOzc3PTU7Nzg9MDs3OT0wOzkwPTA7OTE9MDs5Mj0wOzk4PTs5OT07OWE9dW5rbm93bjs5Yj1vbjs5Yz1kb3duOzlkPTA7QjA9MA=="}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":113756696}
00272{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":113756696,"packet_id":2,"source":"syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":113756696}
00774{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"syslog.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":379,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":379,"pkt_l4_len":0,"thread_ts_usec":108743144,"pkt":"ABczYQAA4KHXGMJziGQRABs9AWcAIUW0AWUAAEAAQBEL0V+I8jZdFH4wAgICAgFRGxc8MjY+SmFuIDAxIDAwOjAxOjUzIG5iNiBuYmQ6IDAxPTg7MDM9OTUuMTM2LjI0Mi41NDswND1OQjYtRlhDLXIyOzA1PUUwQTFENzE4QzI3MDswNj0xMTM7MjA9MTsyOT05NS4xMzYuMjQyLjU0OzJBPU5CNi1CT09UTE9BREVSLVIxLjMyLjBfTkI2LU1BSU4tUjMuMy40X05CNi1SRVNDVUUtUjMuMS44X05CNi1BRFNMLUEycEQwMzVwX05CNi1DT05GSUctUjMuMy40LjI7Mzc9NDszMD0wOzMxPTA7MzI9MjszMz0yOzM0PTA7MzU9MDszNj0wOzQxPTA7NDI9dW5rbm93bjs3Qz0wOzdEPXVua25vd247MkQ9dW5rbm93bjsyRj11bmtub3duOzM5PTA7M0E9MDs0ND01NTs0Nj01NTs0OD01NQ=="}
00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1377043331844398}
00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043331844398,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":140,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377043331844398,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -113,13 +113,13 @@
00908{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
01039{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":1,"flow_first_seen":1618744117704164,"flow_src_last_pkt_time":1618744314014150,"flow_dst_last_pkt_time":1618744128983164,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":85,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":115,"global_ts_usec":1646228387732435}
00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228387732435}
00287{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228387732435,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228387732435}
00974{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":525,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":525,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"JFpMlM8sAB0cD7o8iGQRAAABAfkAIUUAAfduywAAMxGwY8N4pYZT66ndAgIq+AHjFX48NDU+MSAyMDIyLTAzLTAyVDEyOjM5OjQ3LjY4OTM5Mi0wMTowMCBwZlNlbnNlLmxvY2FsZG9tYWluIHN1cmljYXRhIDM3MDQ2IC0gLSB7InRpbWVzdGFtcCI6ICIyMDIyLTAzLTAyVDEyOjM5OjQ3LjU2MTUyMy0wMTAwIiwgImZsb3dfaWQiOiAzODEwNzkzNTU4MjI1NzMsICJpbl9pZmFjZSI6ICJiZ2U5IiwgImV2ZW50X3R5cGUiOiAic3NoIiwgInNyY19pcCI6ICIxMDYuMTMuMjIzLjEiLCAic3JjX3BvcnQiOiA1MjUzMiwgImRlc3RfaXAiOiAiMTk1LjEyMC4xNjUuMTM0IiwgImRlc3RfcG9ydCI6IDIyMjIsICJwcm90byI6ICJUQ1AiLCAic3NoIjogeyJjbGllbnQiOiB7InByb3RvX3ZlcnNpb24iOiAiMi4wIiwgInNvZnR3YXJlX3ZlcnNpb24iOiAibGlic3NoLTAuNi4zIn0sICJzZXJ2ZXIiOiB7InByb3RvX3ZlcnNpb24iOiAiMi4wIiwgInNvZnR3YXJlX3ZlcnNpb24iOiAiT3BlblNTSF82LjdwMSBEZWJpYW4tNStkZWI4dTMifX19"}
00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":86,"source":"syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228388234384}
00287{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228388234384,"packet_id":86,"source":"syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228388234384}
00874{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"syslog.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":450,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":450,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"JFpMlM8sAB0cD7o8iGQRAAABAa4AIUUAAayvtwAAMxFvwsN4pYZT66ndAgIq+AGYZY08NDU+MSAyMDIyLTAzLTAyVDEyOjM5OjQ4LjE5MTY4NC0wMTowMCBwZlNlbnNlLmxvY2FsZG9tYWluIHN1cmljYXRhIDM3MDQ2IC0gLSB7InRpbWVzdGFtcCI6ICIyMDIyLTAzLTAyVDEyOjM5OjQ4LjA1NTI1My0wMTAwIiwgImZsb3dfaWQiOiAxMjEzNTkwMDQ2ODI0NDA1LCAiaW5faWZhY2UiOiAiYmdlOSIsICJldmVudF90eXBlIjogImRucyIsICJzcmNfaXAiOiAiMTk1LjEyMC4xNjUuMTM0IiwgInNyY19wb3J0IjogODM2MCwgImRlc3RfaXAiOiAiOC44LjguOCIsICJkZXN0X3BvcnQiOiA1MywgInByb3RvIjogIlVEUCIsICJkbnMiOiB7InR5cGUiOiAicXVlcnkiLCAiaWQiOiAxODQ4NCwgInJybmFtZSI6ICJvcGVudnBudGVjLmV0cmEtaWQuY29tIiwgInJydHlwZSI6ICJBIiwgInR4X2lkIjogMH19"}
00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":87,"source":"syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228388765119}
00287{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228388765119,"packet_id":87,"source":"syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228388765119}
00874{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"syslog.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":449,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":449,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"JFpMlM8sAB0cD7o8iGQRAAABAa0AIUUAAav9yAAAMxEhssN4pYZT66ndAgIq+AGXbaE8NDU+MSAyMDIyLTAzLTAyVDEyOjM5OjQ4LjcyMjMzOC0wMTowMCBwZlNlbnNlLmxvY2FsZG9tYWluIHN1cmljYXRhIDM3MDQ2IC0gLSB7InRpbWVzdGFtcCI6ICIyMDIyLTAzLTAyVDEyOjM5OjQ4LjE5NzI2NS0wMTAwIiwgImZsb3dfaWQiOiAyOTAwNDk2NzE1NjE4NzMsICJpbl9pZmFjZSI6ICJiZ2U5IiwgImV2ZW50X3R5cGUiOiAiZG5zIiwgInNyY19pcCI6ICIxOTUuMTIwLjE2NS4xMzQiLCAic3JjX3BvcnQiOiA0NjkyLCAiZGVzdF9pcCI6ICI4LjguOC44IiwgImRlc3RfcG9ydCI6IDUzLCAicHJvdG8iOiAiVURQIiwgImRucyI6IHsidHlwZSI6ICJxdWVyeSIsICJpZCI6IDM5MDc0LCAicnJuYW1lIjogIm9wZW52cG50ZWMuZXRyYS1pZC5jb20iLCAicnJ0eXBlIjogIkEiLCAidHhfaWQiOiAwfX0="}
00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":88,"source":"syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228388765633}
00287{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228388765633,"packet_id":88,"source":"syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228388765633}
00982{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"syslog.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":530,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":530,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"JFpMlM8sAB0cD7o8iGQRAAABAf4AIUUAAfwa3gAAMxEETMN4pYZT66ndAgIq+AHo0Bs8NDU+MSAyMDIyLTAzLTAyVDEyOjM5OjQ4LjcyMjQzOC0wMTowMCBwZlNlbnNlLmxvY2FsZG9tYWluIHN1cmljYXRhIDM3MDQ2IC0gLSB7InRpbWVzdGFtcCI6ICIyMDIyLTAzLTAyVDEyOjM5OjQ4LjIxNTI3Ny0wMTAwIiwgImZsb3dfaWQiOiAyOTAwNDk2NzE1NjE4NzMsICJpbl9pZmFjZSI6ICJiZ2U5IiwgImV2ZW50X3R5cGUiOiAiZG5zIiwgInNyY19pcCI6ICIxOTUuMTIwLjE2NS4xMzQiLCAic3JjX3BvcnQiOiA0NjkyLCAiZGVzdF9pcCI6ICI4LjguOC44IiwgImRlc3RfcG9ydCI6IDUzLCAicHJvdG8iOiAiVURQIiwgImRucyI6IHsidmVyc2lvbiI6IDIsICJ0eXBlIjogImFuc3dlciIsICJpZCI6IDM5MDc0LCAiZmxhZ3MiOiAiODE4MCIsICJxciI6IHRydWUsICJyZCI6IHRydWUsICJyYSI6IHRydWUsICJycm5hbWUiOiAib3BlbnZwbnRlYy5ldHJhLWlkLmNvbSIsICJycnR5cGUiOiAiQSIsICJyY29kZSI6ICJOT0VSUk9SIiwgImFuc3c="}
00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":89,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":124,"global_ts_usec":1646781267422628}
00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781267422628,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -146,6 +146,6 @@
~~ total memory freed........: 6072253 bytes
~~ total allocations/frees...: 121782/121782
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 184 chars
~~ json string min len.......: 277 chars
~~ json string max len.......: 2202 chars
~~ json string avg len.......: 1187 chars
~~ json string avg len.......: 1233 chars


@@ -3,20 +3,20 @@
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041672611330}
00282{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041672611330,"packet_id":2,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041672611330}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041672419153,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041673094451,"flow_src_last_pkt_time":1587041673094451,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041673094451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1587041673094451,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041673094451,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPCDAqAEGlZqnW+SlAbsZTPC7DAoX94ARECZ4MwAAAQEICjCEirAtAPMf"}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041673412435}
00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041673412435,"packet_id":4,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041673412435}
00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041673094451,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041673611235}
00282{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041673611235,"packet_id":5,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041673611235}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041673094451,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041674611244}
00282{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041674611244,"packet_id":6,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041674611244}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041673094451,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1587041675216685,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041675216685,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPCDAqAEGlZqnW+SlAbsZTPC7DAoX94ARECZv6wAAAQEICjCEkvgtAPMf"}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":8,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041675409077}
00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041675409077,"packet_id":8,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041675409077}
00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041675216685,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":9,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041675611218}
00282{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041675611218,"packet_id":9,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041675611218}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041675216685,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041675997451,"flow_src_last_pkt_time":1587041675997451,"flow_dst_last_pkt_time":1587041675997451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041675997451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1587041675997451,"flow_dst_last_pkt_time":1587041675997451,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1587041675997451,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPKfkAAP8RDk3AqAEGwKgBAe2NADUAO4czzp0BAAABAAAAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAAQAB"}
@@ -37,7 +37,7 @@
01944{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676535873,"flow_dst_last_pkt_time":1587041676535853,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":10509,"midstream":0,"thread_ts_usec":1587041676535873,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":2,"avg":6449.2,"max":29755,"stddev":8827.8,"var":77930416.0,"ent":3.7,"data": [12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537]},"pktlen": {"min":40,"avg":393.9,"max":1492,"stddev":548.1,"var":300365.6,"ent":3.9,"data": [64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]},"bins": {"c_to_s": [10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0],"entropies": [4.365527153,4.946223736,4.521928787,5.447622776,4.609350681,7.356091499,7.445232391,4.680641174,7.544306755,4.571928501,7.621133804,7.081102371,4.630641460,6.624766827,4.609350681,7.169972897,4.680641174,6.030838013,4.630641460,6.150182247,5.105917454,7.025798798,5.428217888,4.565872192,4.680641174,4.565872192,7.556540489,4.680641174,7.827769756,7.840335846,7.703694820,4.680641174]}}
01383{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676535873,"flow_dst_last_pkt_time":1587041676535853,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":10509,"midstream":0,"thread_ts_usec":1587041676535873,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}}
01709{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676545644,"flow_dst_last_pkt_time":1587041676545713,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041676545713,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":64,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041676611249}
00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041676611249,"packet_id":64,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041676611249}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041676592590,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676612882,"flow_dst_last_pkt_time":1587041676612882,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676612882,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1587041676612882,"flow_dst_last_pkt_time":1587041676612882,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041676612882,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4fAqAEGKH4JBex2AbukS07pAAAAALAC\/\/+ZfQAAAgQFtAEDAwUBAQgKMISYYwAAAAAEAgAA"}
@@ -62,10 +62,10 @@
01937{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":219,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677297348,"flow_dst_last_pkt_time":1587041677349666,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":3034,"flow_dst_tot_l4_payload_len":8925,"midstream":0,"thread_ts_usec":1587041677349666,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":3,"avg":5148.5,"max":50397,"stddev":9740.5,"var":94877928.0,"ent":3.3,"data": [11421,11522,225,11256,2751,92,13830,124,124,124,3,141,4803,15532,11803,1342,15,233,10,306,235,4,56,10886,31,10351,1699,244,14,50397,30]},"pktlen": {"min":40,"avg":416.0,"max":1492,"stddev":569.7,"var":324516.5,"ent":3.8,"data": [64,52,40,254,46,1492,1492,40,1492,40,1492,257,40,198,46,133,366,109,40,40,78,1480,1047,124,46,78,40,46,46,46,1492,1055]},"bins": {"c_to_s": [8,1,2,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [7,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,0,0,0,0,1,1,0,1,1,1,1,1],"entropies": [4.396777153,4.893245220,4.571928501,5.470339298,4.549461365,7.348021507,7.445699215,4.680641174,7.531925678,4.571928501,7.607865810,7.056878567,4.680641174,6.474961758,4.505983353,6.083388805,7.209881783,5.879484177,4.680641174,4.630641460,5.102818012,7.881052494,7.824805737,6.119441986,4.457919598,5.412868977,4.630641460,4.565872192,4.565871716,4.522393703,7.843515396,7.832207680]}}
01385{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":219,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677297348,"flow_dst_last_pkt_time":1587041677349666,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":3034,"flow_dst_tot_l4_payload_len":8925,"midstream":0,"thread_ts_usec":1587041677349666,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677380886,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041677380886,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"}
00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":607,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041677408485}
00287{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041677408485,"packet_id":607,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041677408485}
00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":607,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041677401264,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00879{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677422728,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041677422728,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES5AAEARZ+PAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGADtdrMEAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":617,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041677611261}
00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041677611261,"packet_id":617,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041677611261}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":617,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041677424406,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678029919,"flow_dst_last_pkt_time":1587041678029919,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678029919,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1587041678029919,"flow_dst_last_pkt_time":1587041678029919,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041678029919,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex5Abv0H+uOAAAAALAC\/\/9XkAAAAgQFtAEDAwUBAQgKMISdwwAAAAAEAgAA"}
@@ -73,7 +73,7 @@
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1587041678074233,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041678074233,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"}
01178{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678074525,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
01710{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":625,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678120910,"flow_dst_last_pkt_time":1587041678120987,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041678120987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":644,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041678611338}
00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041678611338,"packet_id":644,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041678611338}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":644,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041678303901,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041679059584,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679059584,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1587041679059584,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041679059584,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFmxQAAP8RnTvAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
@@ -84,9 +84,9 @@
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679280885,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_usec":1587041679280885,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAIBMegAAEARwq7AqAEGwKgB\/0RcRFwB7bcHeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxMzMzNTg3NDkxMjE4NDQ1MzM1NDE0MzUyMjUyODU2OTU0NjIxMiwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzI3NTAzNzA1NjAsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCA0MDU2NDYyNTkyLCA3MDUzNjI3MTg0LCAxNTIyMTc3NTg3LCAxNDIxMTE0Mzk5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
00867{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679280885,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":648,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041679406816}
00288{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041679406816,"packet_id":648,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041679406816}
00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":648,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041679280885,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":649,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041679611289}
00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041679611289,"packet_id":649,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041679611289}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":649,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041679280885,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041680062816,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFhq8AAP8RsaDAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041680074798,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1587041680074798,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB61LQAAEARImfAqAEBwKgBBgA1+i4AZgAAp0uBgwABAAAAAQAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAHAGwAGAAEAAAA7ACkFZG5zZG\/AGwpwb3N0bWFzdGVywBt4ZvNkAACowAAAHCAAJOoAAAACWA=="}
@@ -99,16 +99,16 @@
00849{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680294054,"flow_src_last_pkt_time":1587041680294054,"flow_dst_last_pkt_time":1587041680294054,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041680294054,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1587041680294054,"flow_dst_last_pkt_time":1587041680294170,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041680294170,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGhUbAqAEGXT6WnexgAbuQjkveAAAAAFAEAAAvzgAA"}
02003{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1587041680294649,"flow_dst_last_pkt_time":1587041680294170,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":1156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1156,"pkt_l4_len":1122,"thread_ts_usec":1587041680294649,"pkt":"KDc3AG3IEBMx8Tl2CABFAAR2CTRAAHEGRsRdPpadwKgBBgG77GBJd2aIkI5L3oAY\/\/v9PwAAAQEICsJ1bW4wg\/kbFwMDBD0AAAAAAAAABm9iu+t9XgqZR4s0F3BUPHh3OFodjBrwIjhJ5jzUDrtlDVli1SVxk270m+gEbse5EGdXD2tQPqX+uNfx4B7otIIyfqifH2S\/KFxGyKDkumEYrUX2hsTy4AvsIXg77ggsd77nUCYIUkr9Dcu1K8XBBisxPpHT+zWCDZADIu9GEbXV2\/9sowiGe8yrlpVrokOfQ1DpsHmZowwlG7Bi36UFm+L5Z6cwifqjKB8bGHxJp5qTVRJD\/elikR43sBRzkZfcKqYDSp7JYzhK3QKUfc6m5GUQ5dfnLhv5nlfAs74UtmJ5EyjXuAHe9YxanSSvzzG4JMTWGAY5tTjjtYwpZihFAGx52HToq2O+CpcbwPHV1TLQUDbT2yGJc7gM1GLG5aFGzYu4CebCnnBl2NsUqq80dM5DZBgWZFtSy9z2NYnNFnXM\/L50k82dbGP\/hbFfCNFMS6BvXhwvqUQidPN2cRmVwTsWXaFgKlMTAFoatWZ\/LRmGoWBdnNparAnK8NJzgtzGWejWpNSxsXZQ1NSy\/4QwWmZ1aiyH3lAZfsyIjqYBH478mZLwQeLwCsFzK39ybhvc8awbkRiAIoeLHCDrqRPBNhP62oMKfuuybYfQO5cgeLBcoVWj4YmTHvVqXUaiIJM0ecCweYrE28c1bMOuRYrnD6X5H1vOaut8zUARe+SwmWED1FAd9+LaLocuQm5mzrdNkB6aXE4s0lhsnmXfrvdjFstoXCwJT0nh7ITIpoT2HCapxHTDXopSW+f6iqr0aTti5yh8nUUMgZZ++9jn1o3T3lmRclm9+mgQdUUmHkA3dQCgvlVHN9ZAWzkNyqS56Hs+VXyhIUgDoTONh43ut\/yBnqLWJ6HXKcI6qe1ntdtXyoQyjYZpSOnm2uYp+6WFP8eztjtGexEu6hDqMx2fyQv\/mVl0auJxOvVANURsh9C6cu1LRWqw8SukcmJhO9ptW5iUNYclFK0BRMa7HDoqgqFCccb2WkU4sxDCVFF52CIMR33VkffteHiI9\/NgTNgZERM3tobFzsdXrDpRRXLWDage6O7fLzs8m9hERZCv46Exgndu8ho3VvbFCaZyMsnBpC0\/L6igC1xzLSs2ksZSkx5L9Q7VhMaHlPusEBUMQJ5uA6CkdGrw0a3GiTrkSUGJIGKC7WyL+yh36GZcaflqIrfqPpArwHS0O6hsLRU\/2t+Pwt19umaYcC7QuLOwfSwEr1PxrFtzW1mzlNCKarl0LmPBlPWyV5JfN4y4C1aRVZ7yV7\/4iclnIrddqAkiXdgSc+ai4OnXQhk4fgmfh+Ar5gfpmM8U2v\/X345bEZszWOszb+cdvmzW47cwiYheg59HkuZ4TWUwEFRrPkd047noDz+bhfvXLMYNCStN2XWEGpRFtvI8rpdiTmvHc7+aKDQSaaH8jzVNbso1cSOHqJjXtpeD+vrVfOM
XgQ=="}
00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":669,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041680611341}
00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041680611341,"packet_id":669,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041680611341}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":669,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041680294680,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681218709,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681218709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681218709,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681218709,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1587041681218709,"pkt":"EBMx8Tl2KDc3AG3ICABFAABLUFkAAP8R5\/DAqAEGwKgBAd06ADUANyl9Kf0BAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAE="}
01005{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681218709,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681218709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681218709,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"captive.apple.com.edgekey.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681248693,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041681248693,"pkt":"KDc3AG3IEBMx8Tl2CABFAACAqEJAADkRFdPAqAEBwKgBBgA13ToAbAAAKf2BgAABAAIAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAHADAAFAAEAAADSABkFZTcyNzkFZHNjZTkKYWthbWFpZWRnZcAmwDsAAQABAAAAFAAEFzKeWA=="}
01022{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681218709,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681248693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041681248693,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"captive.apple.com.edgekey.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.50.158.88"}}}
00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":853,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041681407197}
00288{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041681407197,"packet_id":853,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041681407197}
00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":853,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041681401604,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":864,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041681611328}
00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041681611328,"packet_id":864,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041681611328}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":864,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041681458450,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041681714331,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCnaYAAP8RmqzAqAEGwKgBAcdZADUALvSsiC0BAAABAAAAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAE="}
@@ -173,7 +173,7 @@
00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682440956,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041682440956,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES9AAEARZ+LAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHT\/ICoAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
01099{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1160,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682467714,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041682467714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}}
01712{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1185,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682557246,"flow_dst_last_pkt_time":1587041682557307,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041682557307,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041682611214}
00286{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041682611214,"packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041682611214}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041682598222,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682668456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682668456,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682668456,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":1587041682668456,"pkt":"EBMx8Tl2KDc3AG3ICABFAABW2rQAAP8RXYrAqAEGwKgBAeC6ADUAQqKILzcBAAABAAAAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="}
@@ -215,12 +215,8 @@
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683378966,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683379074,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683379074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"}
01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1495,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683379360,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
00188{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041683406443}
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041683396534,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
01712{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1503,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683430891,"flow_dst_last_pkt_time":1587041683431072,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041683431072,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
02106{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1516,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683511604,"flow_dst_last_pkt_time":1587041683511700,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2582,"flow_dst_tot_l4_payload_len":7792,"midstream":0,"thread_ts_usec":1587041683511700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":2,"avg":20999.2,"max":115070,"stddev":31123.6,"var":968681216.0,"ent":3.5,"data": [34191,34298,279,36871,33,36580,20,190,171,120,2,98,1011,12039,309,36028,22727,226,163,129,10387,10298,599,557,77127,91684,7,49137,80440,115070,185]},"pktlen": {"min":52,"avg":377.2,"max":1492,"stddev":521.7,"var":272149.2,"ent":3.9,"data": [64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139]},"bins": {"c_to_s": [11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": [4.278468132,5.100120544,4.678913116,5.492300034,7.395298958,7.335471153,4.813810349,4.784870625,7.534573555,4.736229897,7.601704121,7.355720520,4.823332310,6.256767273,6.195283890,7.525622368,5.556344509,4.861793995,6.029422760,4.861793995,5.382391453,5.548377514,4.823332310,7.376307011,4.861793995,5.063529015,7.847518921,6.993651390,4.986605644,6.825597286,4.731892109,7.799232483]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041683611241}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041683605577,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684291077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041684291077,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC19sAAP8RYHfAqAEGwKgBAegLADUALnZLN+4BAAABAAAAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAE="}
01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684291077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -234,8 +230,6 @@
01897{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1722,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684362150,"flow_dst_last_pkt_time":1587041684362335,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":4396,"midstream":0,"thread_ts_usec":1587041684362335,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","tls": {"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","alpn":"h2,http\/1.1","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}}}
01962{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1751,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":3,"avg":146055.7,"max":2009785,"stddev":489503.9,"var":239614050304.0,"ent":1.7,"data": [12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632]},"pktlen": {"min":40,"avg":305.2,"max":1492,"stddev":468.1,"var":219152.8,"ent":3.8,"data": [64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]},"bins": {"c_to_s": [9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1],"entropies": [4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558]}}
01436{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1751,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041684611243}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041684501226,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
01948{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1756,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684950374,"flow_dst_last_pkt_time":1587041684410372,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":3472,"flow_dst_tot_l4_payload_len":5797,"midstream":0,"thread_ts_usec":1587041684950374,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":1,"avg":24145.7,"max":539594,"stddev":94604.1,"var":8949939200.0,"ent":1.9,"data": [11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314]},"pktlen": {"min":40,"avg":331.5,"max":1492,"stddev":473.5,"var":224192.2,"ent":3.9,"data": [64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248]},"bins": {"c_to_s": [9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0],"entropies": [4.428027153,4.893245220,4.521928310,5.397158146,4.505983353,6.671830177,7.464404583,4.630641460,7.577803612,5.737496376,4.680641174,6.516131401,6.154890537,7.647973537,6.500202656,4.505983353,7.196300030,5.817581654,4.611769199,4.561769485,5.250086308,4.457919598,5.392898560,4.630641460,4.522393227,7.690679073,4.680641174,7.335716724,4.680641174,7.846065521,7.720572472,6.957527637]}}
01901{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1756,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684950374,"flow_dst_last_pkt_time":1587041684410372,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":3472,"flow_dst_tot_l4_payload_len":5797,"midstream":0,"thread_ts_usec":1587041684950374,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","tls": {"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","alpn":"h2,http\/1.1","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}}}
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685090830,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -297,13 +291,9 @@
01126{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1846,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685312634,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041685312634,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
01712{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1864,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685327559,"flow_dst_last_pkt_time":1587041685327736,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041685327736,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
01712{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1874,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685350807,"flow_dst_last_pkt_time":1587041685350857,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":6079,"midstream":0,"thread_ts_usec":1587041685350857,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
00188{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041685406369}
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041685403983,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
01587{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1908,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685420065,"flow_dst_last_pkt_time":1587041685420103,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":5962,"midstream":0,"thread_ts_usec":1587041685420103,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4"}}}
01964{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1936,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":3,"avg":14797.2,"max":153955,"stddev":35697.7,"var":1274323968.0,"ent":2.8,"data": [12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243]},"pktlen": {"min":40,"avg":585.7,"max":1492,"stddev":671.4,"var":450756.0,"ent":4.0,"data": [64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]},"bins": {"c_to_s": [10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1],"entropies": [4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800]}}
01552{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1936,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041685611278}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041685546646,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685984732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685984732,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"}
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2019,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685996890,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"}
@@ -317,8 +307,6 @@
01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686288562,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
01194{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2047,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686339149,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041686339149,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
02239{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2074,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686542441,"flow_dst_last_pkt_time":1587041686541501,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":14115,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041686542441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":2,"avg":19511.4,"max":52987,"stddev":22191.7,"var":492470496.0,"ent":3.9,"data": [48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111]},"pktlen": {"min":52,"avg":640.9,"max":1492,"stddev":667.9,"var":446080.7,"ent":4.1,"data": [64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52]},"bins": {"c_to_s": [9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0],"entropies": [4.396777153,5.256567955,4.923395157,6.033491611,7.275527000,7.277948856,5.071470261,4.945419312,7.645617962,4.976373672,5.915142536,5.707202435,4.976374149,7.861220360,7.878036976,7.850315571,5.131024837,7.877380371,7.857055187,7.886486053,7.876827240,5.169486523,7.849795818,7.874622822,5.078045845,7.791067600,5.131024837,5.207948208,7.563468933,5.053297043,5.290699482,4.969671726]},"ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041686611252}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041686589907,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686659283,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686659283,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1587041686659283,"pkt":"\/\/\/\/\/\/\/\/jP5XIzfkCABFAABE9p0AAEAR\/0vAqAFwwKgB\/+EV4RUAME6OU3BvdFVkcDBE2bWZ25IvowABAADKIN8ICP0NzlEBuCwq6R7jWIhweQ=="}
00867{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686659283,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686659283,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","encrypted":1,"breed":"Acceptable","category_id":25,"category":"Music"}}
@@ -336,8 +324,6 @@
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041687370480,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF06EAAP8RZK7AqAEGwKgBAdM1ADUAMUK+cAQBAAABAAAAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAE="}
00998{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00188{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041687412781}
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041687382278,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00792{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1587041687435320,"pkt":"KDc3AG3IEBMx8Tl2CABFAAD6rblAADkRD+LAqAEBwKgBBgA10zUA5gAAcASBgAABAAYAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAHADAAFAAEAAAe+AB8DYXBpBnN0cmVhbQ50cmFmZmljbWFuYWdlcgNuZXQAwDUABQABAAAAPAAJBmV1d2UtMcAMwGAABQABAAAEVQANCmV1d2UtMS1hcGnAQMB1AAUAAQAAACkACwhldXdlLTEtMcAMwI4ABQABAAAAwQApHWFtcy1ldXdlLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwE\/ApQABAAEAAAANAARoKLuX"}
01017{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1587041687435320,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.40.187.151"}}}
00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2202,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687436782,"flow_dst_last_pkt_time":1587041687436782,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687436782,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -346,8 +332,6 @@
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2204,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687466398,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687466398,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"}
01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2205,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687466635,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Azure","proto_id":"91.276","encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}}
01712{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2226,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687544052,"flow_dst_last_pkt_time":1587041687544137,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041687544137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041687611308}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041687600094,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
02103{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2258,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041687725655,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":3,"avg":18634.2,"max":125561,"stddev":31723.1,"var":1006353792.0,"ent":3.4,"data": [29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561]},"pktlen": {"min":52,"avg":345.2,"max":1492,"stddev":499.9,"var":249913.2,"ent":3.9,"data": [64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]},"bins": {"c_to_s": [12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0],"s_to_c": [2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0],"entropies": [4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Azure","proto_id":"91.276","encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1587041687731296,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM83AAAP8RRNjAqAEGwKgBAfUPADUAOAAFY+UBAAABAAAAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQAB"}
@@ -361,14 +345,6 @@
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2265,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687745932,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687789261,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2266,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687789367,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687789367,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"}
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2267,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687789561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Azure","proto_id":"91.276","encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"euno-1.api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041688611359}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041688190082,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00188{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2313,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041689410919}
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":2313,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041688190082,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2314,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041689611350}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":2314,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041688190082,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2316,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041690611386}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":2316,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041688190082,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690880711,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1587041690880711,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"}
01017{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690880711,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","encrypted":0,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"dc.applicationinsights.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -391,26 +367,18 @@
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2354,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1587041691169076,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041691169076,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"}
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691169247,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}}
01085{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2356,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691190981,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041691190981,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}}
00188{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041691410839}
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041691399733,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
02105{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2417,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691305451,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041691582252,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":3,"avg":18972.7,"max":276869,"stddev":49493.9,"var":2449644032.0,"ent":2.9,"data": [19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869]},"pktlen": {"min":52,"avg":370.2,"max":1492,"stddev":512.1,"var":262257.7,"ent":3.9,"data": [64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335]},"bins": {"c_to_s": [11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": [4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041691611256}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041691582349,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
02106{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2430,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682938651,"flow_dst_last_pkt_time":1587041692001418,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2113,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041692001418,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":2,"avg":328636.7,"max":8978171,"stddev":1582353.1,"var":2503841415168.0,"ent":0.8,"data": [47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7]},"pktlen": {"min":40,"avg":339.2,"max":1492,"stddev":486.1,"var":236250.5,"ent":3.9,"data": [64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78]},"bins": {"c_to_s": [10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1],"entropies": [4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692528594,"flow_dst_last_pkt_time":1587041692528594,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041692528594,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1587041692528594,"flow_dst_last_pkt_time":1587041692528594,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1587041692528594,"pkt":"KDc3AG3IEBMx8Tl2CABFAACscMtAADIGTDyXCzKLwKgBBgiu1d6yibcLw8sjj4AYAfWSMAAAAQEICnMgXuAwhCbwdBDZH1X2LNSHenV0XPT5UOuNQPq3DAtDODIIsZ4L3xE8W9ceOtMh\/taRn1i3oYCG\/lk5DiXu3JH7RFT8gb0ANFHp9LfVVHPD+A0sB0\/WJaUdO\/QQPvH9sYa9nCylNS5SUfWnuhHHtKPL+2Ql1DSrQI\/KjFfe6Sr3"}
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2439,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1587041692528594,"flow_dst_last_pkt_time":1587041692528684,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692528684,"pkt":"EBMx8Tl2KDc3AG3ICABFSAA0AABAAEAGrzfAqAEGlwsyi9XeCK7DyyOPsom3g4AQD\/zTvAAAAQEICjCE1UVzIF7g"}
00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2440,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_src_last_pkt_time":1587041692528594,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1587041692528752,"pkt":"EBMx8Tl2KDc3AG3ICABFSAB8AABAAEAGru\/AqAEGlwsyi9XeCK7DyyOPsom3g4AYEADukgAAAQEICjCE1UVzIF7g5AplDBJ5jEkO1U2Mpra9\/PbG6UC\/FVXGQ5pEnr4zSbP3LnLXhdyZOGgH9qsJLTZHLgDXKr5t+q9K3Mvbm5JFapBhK16BH5zD"}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2442,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041692611278}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":2442,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041692578366,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692808980,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692808980,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692808980,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041692808980,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyWEVIVrX6QAAAAALAC\/\/9dQAAAAgQFtAEDAwUBAQgKMITWWwAAAAAEAgAA"}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2444,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041692880898,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="}
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2445,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1587041692880999,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692880999,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"}
01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2446,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692881339,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2448,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692953141,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041692953141,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00188{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041693412749}
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041693383476,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":977,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":977,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":977,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693428391,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1019,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1019,"pkt_l4_len":985,"thread_ts_usec":1587041693428391,"pkt":"EBMx8Tl2KDc3AG3ICABFAAPt48gAAEART4\/AqAEGNHJNiMnhDZYD2eNwBl3+t6o2WT+OKw\/oTFMopoursiGTBsvvLvg3wuBfZT1pBB1vO2396s1T+U1VujmCqj4L5tMtU2F\/1TQzFXSUlw7M8VMfNQQRkYM68GVjRmInITISf9xExqdFNNQs5RQE95Yd7wUQ0WB34xO5EY6WIo8x\/N\/uDXPR3dWPSffY9Pjxt3AuIhSE\/33TPi9IZfwvBkn0Ytl+OD1doGxH0KzkYpDzBS9hB1dBsT+zr8uYQ4OitShMofb6WewMwiNNfNExsV6iWN3hyOrqzEPoHJ8xMa7bW1q9BLkbd5BDoIOv\/MoJUwfM2rHFjSZuGzr\/wQ6fSJlA+ga+XWQ5cCOxemM862mQg5uhFhBag2VuzDKpysLY0ZCqnKz91R2yhrxoXReoN9yIxCUIquc7SAW\/92cRId8y07O6L1X8x\/aDl3FC0Al6caV7h\/r8ddpLTlDH6yLNlYfOWE7QuJLs4lty891N9hHky+P7SbB6VN0+eXLlpdIKbixmAmCZ1p6\/DFecrkQrfBusU7fCQ0m5UtC7A9xyYw8qrbidfp8KJduef6Xu3BA4D0YD6FFqNyrfEvkjpJ+3rNXlm\/vqN6+pA7Pyjrxbc8hNlLHZHBWyirKyjtN28dUXzlP+LsRPGNdQvqJFK3pV96V25LmYF5yiAGBc2dVjL3CV3I8BZIc1iv9PSXq8u5cmF3NAvFW+ejj0aUJys0KqSuB+SsBchm0XJNdD1T31o3cnzHzdRkPqsYgQxN+TMH4xz2ipnYwRm5mpiVbDbtght4DZhZkINSjZm+P+w6KJ1sJkRZyTcItShxjipY0pc0YcI\/iPO8Kihnfm0h7aZYr8JbNTXfrRfggxMyqgTWxlobhHKsiboGB5nz9mqNXgN5f2w6aCT8Ygr4J\/d\/M8CNiCRT+CKMTqRpDBqIcnsL3KBgSmI2li51fHmCYLknW2Aw3F82bIDyzOvtteFfeZxum8+GIS5JvJh64JDL9hUaT9FEJ6txlWLszG+bg1use4IiVMiF2jfKWFA1eFZRDjiQXrMStv0vPT1Ma73OvVsZAHSptss39ti+ltbCNxC0S+MDiB1jQrFVUZ5nHLM44PsanYQ\/0cpyVO6zbbzjzXTUfs+tAIMkUNPFZtCs1rFpKhkI3NcGs+yvSb4SV1GxhoDHVRpRNuKqFbFinCHp\/37lAaE9HGUTnfhxGhnCIfOfHIUUAT3eHul9H3b0Z8OnLYIK1ZDLQGkd0pzOUxUVHtQtXMulhXsHz7fr\/A21yG\/8b8NgTEX+gU6e+h1l0XisCpHYMfVCMz3mHn3ia\/HdLRjG51YnI="}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2480,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693474528,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693474528,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJIAAGwR1nE0ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="}
@@ -438,8 +406,6 @@
00787{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693597783,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="}
00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
01197{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2495,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041693608822,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041693611228}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041693609281,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693611913,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}}
@@ -483,8 +449,6 @@
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2638,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_src_last_pkt_time":1587041694262870,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041694262870,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"}
01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2639,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694263191,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
01204{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2641,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694308351,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041694308351,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041694611281}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041694571700,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278787,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
@@ -505,8 +469,6 @@
00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2675,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381585,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsXTYAAEARK+HAqAEGNHL6icN0DZYBGMK2AAQA\/CESpEIeamDBSEqcaMKGtFYADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAguGTqGqFZLfExfohAPRW3NYW9D0LDg15vdpj82BiyuIs="}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2677,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389155,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4fJgAAGwR4O40cvqNwKgBBg2Ww2AApNd+ARUAiMLWdk9T8dgTMFhVlH2+EmsADwAEcsZLxgASAAgAAT\/MXUduzQATAHAAAQBcIRKkQpOT7iqoT5owckEG1gAGAAlGWTMyOm81L0kAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQwsyB\/3AcVNGFmgIYtfHOO0Vm54oAoAAR90b9H"}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2678,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4VxkAAGwRBnI0cvqJwKgBBg2Ww3QApCdjARUAiE\/LrilDXPJWtp6yDikzcPIADwAEcsZLxgASAAgAAT\/NXUduzQATAHAAAQBcIRKkQlPk9TFAsI2GK+OZoAAGAAkrbUl2OkpGd2oAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQqoNaJl5j6Qph3wmShySpejyG1ZYAoAAR\/OzfK"}
00188{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2681,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041695413161}
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":2681,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041695407379,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695421892,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="}
01098{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
@@ -518,22 +480,14 @@
02229{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2690,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693824623,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041695435566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":1,"avg":71850.4,"max":1566873,"stddev":274680.6,"var":75449425920.0,"ent":1.9,"data": [44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873]},"pktlen": {"min":40,"avg":256.9,"max":1492,"stddev":427.0,"var":182315.3,"ent":3.7,"data": [64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]},"bins": {"c_to_s": [15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1],"entropies": [4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192]},"ndpi": {"flow_risk": {"15": {"risk":"TLS 
(probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2696,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586059,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2697,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586146,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2699,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041695611288}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":2699,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041695591686,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2701,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890424,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890424,"pkt":"EBMx8Tl2KDc3AG3ICABFAACM6boAAEARDkzAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2702,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890513,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890513,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2715,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041696611304}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":2715,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041696574201,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697061972,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697061972,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697061972,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041697061972,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyYAbtVmTcwAAAAALAC\/\/8wcwAAAgQFtAEDAwUBAQgKMITmwQAAAAAEAgAA"}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041697091344,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_src_last_pkt_time":1587041697091452,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041697091452,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"}
01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697092026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Azure","proto_id":"91.276","encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
01106{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2734,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697123566,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041697123566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Azure","proto_id":"91.276","encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
00188{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041697412826}
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041697244908,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2761,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041697611318}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":2761,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041697604150,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00724{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1587041697660621,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA40fgAADUBJWpdR27NwKgBBgMDcCsAAAAARQAASh2AAAAyEd1gwKgBBl1Hbs3DdD\/NADaJWQ=="}
00849{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.321296}}
@@ -625,7 +579,7 @@
00909{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","encrypted":0,"breed":"Safe","category_id":15,"category":"Collaborative"}}
00920{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Azure","proto_id":"91.276","encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00909{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","encrypted":0,"breed":"Safe","category_id":15,"category":"Collaborative"}}
00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","packets-captured":2817,"packets-processed":2775,"total-skipped-flows":0,"total-l4-payload-len":1327851,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":64,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":628,"global_ts_usec":1587041698021081}
00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","packets-captured":2817,"packets-processed":2775,"total-skipped-flows":0,"total-l4-payload-len":1327851,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":64,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":582,"global_ts_usec":1587041698021081}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2817/2775
~~ skipped flows.............: 0
@@ -638,6 +592,6 @@
~~ total memory freed........: 7189420 bytes
~~ total allocations/frees...: 125561/125561
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 187 chars
~~ json string min len.......: 287 chars
~~ json string max len.......: 2286 chars
~~ json string avg len.......: 1236 chars
~~ json string avg len.......: 1286 chars


@@ -12,11 +12,11 @@
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1421985541772794,"pkt":"AAOf2SAhEFbKCIWJCABFAAAyM2VAAH8GFrhKUKBjQ9lNHAy6AbvQcb+g7Sa+J1AY\/QKZOwAlAAMBAAUBAAABAQ=="}
01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859943054,"flow_dst_last_pkt_time":1252380859942787,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":102,"flow_dst_max_l4_payload_len":851,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":1329,"midstream":0,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1544035479538596}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1544035479538596}
00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1544035479538596,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1544035479538596}
00452{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1421985541772794,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAGDVegAA\/xG3XAruJEAK7vQxCGgIaABMAAAw\/wA8B+zklkUAADyx3UAAQAbcAwq\/ixE23eAt5LgBu\/kVfJ4AAAAAoAL\/\/3GmAAACBAW0BAIICgAUzUMAAAAAAQMDBg=="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":11,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1544035479721867}
00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1544035479721867,"packet_id":11,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1544035479721867}
00447{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1421985541772794,"pkt":"AAAAAAAFYAgQGhx\/gQAMn4EAAAIIAEVoAGBxLwAAOxHfqAru9DEK7iRACGgIaABMAAAw\/wA8AABhskUAADwAAEAA5Abp4Dbd4C0Kv4sRAbvkuBpaSBv5FXyfoBJxILDEAAACBAV4BAIICh1e0BYAFM1DAQMDCA=="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1544035479768404}
00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1544035479768404,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1544035479768404}
00726{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":324,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":324,"pkt_l4_len":0,"thread_ts_usec":1421985541772794,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAS7V9AAA\/xG2FAruJEAK7vQxCGgIaAEaAAAw\/wEKB+zklkUAAOux30AAQAbbUgq\/ixE23eAt5LgBu\/kVfJ8aWkgcgBgFWRb9AAABAQgKABTNax1e0BYWAwEAsgEAAK4DA+Jfj3VZ7Se+llOF2hoK\/0SOWa4JB8kGoFPipHXr6zI3AAAowCvALMAvwDAAngCfwAnACsATwBQAMwA5wAfAEQCcAJ0ALwA1AAUA\/wEAAF0AAAAWABQAABFlLmNyYXNobHl0aWNzLmNvbQAXAAAAIwAAAA0AFgAUBgEGAwUBBQMEAQQDAwEDAwIBAgMAEAALuImlL1Y1GeVflD5H40\/GlDV3w0Q4eHATzs15UMvq3bDFbT9WBxf4WY7WsXHZhuEm\/fgNJZccyFnwUKMb"}
00882{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1421985541772794,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.GoTo","proto_id":"91.293","encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00765{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1421985541772794,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -33,6 +33,6 @@
~~ total memory freed........: 6043948 bytes
~~ total allocations/frees...: 121512/121512
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 203 chars
~~ json string min len.......: 303 chars
~~ json string max len.......: 1156 chars
~~ json string avg len.......: 679 chars
~~ json string avg len.......: 729 chars


@@ -1,10 +1,10 @@
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tor.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1383821660212806}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821660212806}
00280{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821660212806,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821660212806}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821660212806,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821662212866}
00280{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821662212866,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821662212866}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821660212806,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821664212868}
00280{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821664212868,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821664212868}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821660212806,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821665420161,"flow_src_last_pkt_time":1383821665420161,"flow_dst_last_pkt_time":1383821665420161,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821665420161,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1383821665420161,"flow_dst_last_pkt_time":1383821665420161,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1383821665420161,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A15AAIAGe0DAqAH8W49d8semAbvp\/8nSAAAAAIACIABVtgAAAgQFtAEDAwgBAQQC"}
@@ -12,7 +12,7 @@
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1383821665491486,"flow_dst_last_pkt_time":1383821665491157,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1383821665491486,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA19AAIAGe0vAqAH8W49d8semAbvp\/8nT+Fm4\/VAQAQAEIgAAAAAAAAAA"}
01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383821665420161,"flow_src_last_pkt_time":1383821665498155,"flow_dst_last_pkt_time":1383821665491157,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821665498155,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.ct7ctrgb6cr7.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383821665420161,"flow_src_last_pkt_time":1383821665498155,"flow_dst_last_pkt_time":1383821665606254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":748,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":748,"midstream":0,"thread_ts_usec":1383821665606254,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.ct7ctrgb6cr7.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}}}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821666212873}
00281{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821666212873,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821666212873}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821666164055,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821666407384,"flow_src_last_pkt_time":1383821666407384,"flow_dst_last_pkt_time":1383821666407384,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821666407384,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1383821666407384,"flow_dst_last_pkt_time":1383821666407384,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1383821666407384,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A2hAAIAG0l3AqAH8Ljs0H8enAbvpjJYYAAAAAIACIADhCQAAAgQFtAEDAwgBAQQC"}
@@ -20,7 +20,7 @@
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1383821666481792,"flow_dst_last_pkt_time":1383821666480751,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1383821666481792,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA2lAAIAG0mjAqAH8Ljs0H8enAbvpjJYZMTT2fVAQAQAZGwAAAAAAAAAA"}
01394{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383821666407384,"flow_src_last_pkt_time":1383821666482149,"flow_dst_last_pkt_time":1383821666480751,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821666482149,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.e6r5p57kbafwrxj3plz.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
01609{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383821666407384,"flow_src_last_pkt_time":1383821666482149,"flow_dst_last_pkt_time":1383821666558024,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":749,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":749,"midstream":0,"thread_ts_usec":1383821666558024,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.e6r5p57kbafwrxj3plz.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","subjectDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C"}}}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821668212884}
00281{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821668212884,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821668212884}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821668066805,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821668403824,"flow_src_last_pkt_time":1383821668403824,"flow_dst_last_pkt_time":1383821668403824,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821668403824,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1383821668403824,"flow_dst_last_pkt_time":1383821668403824,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1383821668403824,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A3VAAIAGx5DAqAH8JuVGNceoAbuUs9YxAAAAAIACIADrCAAAAgQFtAEDAwgBAQQC"}
@@ -28,144 +28,48 @@
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1383821668548030,"flow_dst_last_pkt_time":1383821668547648,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1383821668548030,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA3ZAAIAGx5vAqAH8JuVGNceoAbuUs9YyhA0RIVAQAQC1nQAAAAAAAAAA"}
01397{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383821668403824,"flow_src_last_pkt_time":1383821668548416,"flow_dst_last_pkt_time":1383821668547648,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821668548416,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.q4cyamnc6mtokjurvdclt.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
01605{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383821668403824,"flow_src_last_pkt_time":1383821668548416,"flow_dst_last_pkt_time":1383821668700468,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":929,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":929,"midstream":0,"thread_ts_usec":1383821668700468,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.q4cyamnc6mtokjurvdclt.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}}}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821670213310}
00281{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821670213310,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821670213310}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":80,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821669834523,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821672213282}
00281{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821672213282,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821672213282}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821669834523,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383821673254958,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821673254958,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1383821673254958,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1383821673254958,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
00863{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383821673254958,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821673254958,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821674212949}
00281{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821674212949,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821674212949}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821673254958,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821676212885}
00281{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821676212885,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821676212885}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821673254958,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":89,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821678212925}
00282{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821678212925,"packet_id":89,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821678212925}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":89,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821673254958,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821680212883}
00282{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821680212883,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821680212883}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":90,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821673254958,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821682212886}
00282{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821682212886,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821682212886}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821673254958,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":92,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821684212907}
00282{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821684212907,"packet_id":92,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821684212907}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821673254958,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":93,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821686212924}
00282{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821686212924,"packet_id":93,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821686212924}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":93,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821673254958,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":94,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821688212902}
00282{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821688212902,"packet_id":94,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821688212902}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":94,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821673254958,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":95,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821690212928}
00282{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821690212928,"packet_id":95,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821690212928}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821673254958,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821692212907}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":96,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821673254958,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821693159821,"flow_src_last_pkt_time":1383821693159821,"flow_dst_last_pkt_time":1383821693159821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821693159821,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1383821693159821,"flow_dst_last_pkt_time":1383821693159821,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_usec":1383821693159821,"pkt":"\/\/\/\/\/\/\/\/UlQAWul3CABFAADuA4EAAIARsTLAqAH8wKgB\/wCKAIoA2itVEQLJT8CoAfwAigDEAAAgRUZFT0VFRUpFQkVPQ05GQUVEQ0FDQUNBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAKgAAAAAAAAAAAOgDAAAAAAAAAAAqAFYAAwABAAEAAgA7AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABFTkRJQU4tUEMA"}
01011{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821693159821,"flow_src_last_pkt_time":1383821693159821,"flow_dst_last_pkt_time":1383821693159821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821693159821,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"endian-pc"}}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821694212894}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":98,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821693159821,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":99,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821696212907}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":99,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821693159821,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":100,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821698212898}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":100,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821693159821,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":101,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821700216949}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":101,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821693159821,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821702213488}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":102,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821693159821,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1383821703288336,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1383821703288336,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821704212955}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":111,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821703723048,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
02526{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":117,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1383821668403824,"flow_src_last_pkt_time":1383821704424659,"flow_dst_last_pkt_time":1383821704566665,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4598,"flow_dst_tot_l4_payload_len":5464,"midstream":0,"thread_ts_usec":1383821704566665,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":113,"avg":2328505.8,"max":31166013,"stddev":7549668.5,"var":56997495963648.0,"ent":1.9,"data": [143824,144206,386,152663,157,159633,171698,164686,190851,113,190713,627,185098,185495,145105,5747,151688,184201,104686,289985,146556,2535956,2930532,30770666,31166013,871,147027,185685,696487,885191,147130]},"pktlen": {"min":40,"avg":355.8,"max":1500,"stddev":354.9,"var":125974.5,"ent":4.3,"data": [52,52,46,264,40,969,238,99,114,1500,126,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40]},"bins": {"c_to_s": [4,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1],"entropies": 
[4.463158131,4.830034256,4.398030758,5.447000027,4.784183979,7.571198463,6.865525723,5.932188988,6.092850685,7.880095005,6.536722183,4.338141918,7.694956303,4.765311718,7.651318550,4.834183693,7.635929585,7.668802738,4.680641174,7.700941086,7.633764267,4.834183693,7.670955658,4.311074257,7.633520603,4.630640984,7.649660587,7.669915199,4.784183979,7.648267269,7.643295765,4.684184074]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}}
02276{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":124,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1383821665420161,"flow_src_last_pkt_time":1383821704889950,"flow_dst_last_pkt_time":1383821704958016,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3939,"flow_dst_tot_l4_payload_len":9093,"midstream":0,"thread_ts_usec":1383821704958016,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":120,"avg":2548633.8,"max":37995839,"stddev":9273754.0,"var":86002509021184.0,"ent":1.4,"data": [70996,71325,6669,104314,10783,112643,88567,84606,73691,120,73665,754,108431,107711,67797,2260,74630,103567,101811,113368,368689,686539,37720424,37995839,68191,67504,104050,189003,360821,68695,181]},"pktlen": {"min":40,"avg":448.8,"max":1500,"stddev":476.2,"var":226793.4,"ent":4.2,"data": [52,52,46,255,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,626,626,40,626,46,626,40,626,40,626,1500,46,1500,1500]},"bins": {"c_to_s": [5,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,1,0,0,1,0,1,1,1,0,1,1],"entropies": 
[4.540081501,4.945419312,4.484987259,5.397112370,4.884183884,7.396267891,6.599942207,5.960015774,6.090528011,7.870100975,6.529747963,4.484987259,7.677678108,4.884183884,7.605023384,4.884183884,7.649974346,7.648893833,7.709483624,7.672764301,4.834183693,7.653419495,4.441509247,7.662259102,4.884183884,7.661063194,4.884183884,7.656208992,7.855939388,4.484987259,7.873313904,7.885534286]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":156,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821706213267}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":156,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821706194070,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":185,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821708213145}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":185,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821708161244,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":202,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821710212920}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":202,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821709736596,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821712212949}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":203,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821709736596,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821714212940}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":214,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821713855554,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":215,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821716213464}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":215,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821713855554,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":220,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821718212953}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":220,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821716551362,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":221,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821720213004}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":221,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821716551362,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":222,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821722213011}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":222,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821716551362,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":227,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821724212938}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":227,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821723995239,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":232,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821726212962}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":232,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821725008865,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":271,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821728213042}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":271,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821728040828,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":356,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821730212988}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":356,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821730181680,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821732212991}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":541,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821732198673,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1383821733324487,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1383821733324487,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
00905{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":656,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383821733324487,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821733485713,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821734213076}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":671,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821734087251,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821734359648,"flow_src_last_pkt_time":1383821734359648,"flow_dst_last_pkt_time":1383821734359648,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1383821734359648,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1383821734359648,"flow_dst_last_pkt_time":1383821734359648,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1383821734359648,"pkt":"UlQA2EYhUlQAWul3CABFAAAoBE1AAIAGeHjAqAH8nTgeLsegAbuzcgvfGiCX\/lAUAAD2+QAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821736213187}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":690,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821736176748,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":755,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821738213238}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":755,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821738213098,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":806,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821740212998}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":806,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821740176369,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821742213016}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":828,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821741917672,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
01030{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":842,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821693159821,"flow_src_last_pkt_time":1383821693159821,"flow_dst_last_pkt_time":1383821693159821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821743527179,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821744213025}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":848,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821744083404,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":889,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821746213762}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":889,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821746178912,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1027,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821748212997}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1027,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821748103193,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1054,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821750212972}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1054,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821750028641,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1069,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821752213197}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1069,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821752032692,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1074,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821754213011}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1074,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821752949522,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1093,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821756213011}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1093,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821756147514,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1106,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821758213236}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1106,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821757892774,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821760213003}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821760056499,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821762212987}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821762157897,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821764213182}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821764094657,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821766213046}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821766193561,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821768213010}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821768150900,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1807,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821770213739}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1807,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821770180911,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1817,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821772213086}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1817,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821771201495,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1818,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821774213020}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1818,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821771201495,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
02517{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1820,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1383821666407384,"flow_src_last_pkt_time":1383821774388112,"flow_dst_last_pkt_time":1383821702813857,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3946,"flow_dst_tot_l4_payload_len":5300,"midstream":0,"thread_ts_usec":1383821774388112,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":90,"avg":4657651.5,"max":71328355,"stddev":14789051.0,"var":218716025389056.0,"ent":1.8,"data": [73367,74408,357,74070,3203,80209,86098,83238,77261,90,76164,838,117183,116350,75240,23977,101877,114494,465564,429267,3455,80828,117031,388775,507320,75910,393949,666205,34353103,34399015,71328355]},"pktlen": {"min":40,"avg":330.6,"max":1500,"stddev":347.1,"var":120444.2,"ent":4.2,"data": [52,52,46,262,40,789,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,40,626,626,40,626,626,40,626,46,626,46,46]},"bins": {"c_to_s": [6,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,0,0],"entropies": 
[4.540081024,4.892440796,4.398030758,5.485852242,4.734183788,7.345484734,6.684501171,5.938382626,6.188065529,7.865236759,6.545697212,4.398030758,7.637940407,4.784183979,7.634158611,4.784183979,7.710437775,7.659512520,4.784183979,7.657443523,4.834184170,7.637063503,7.660885811,4.834184170,7.674984455,7.682085514,4.765312195,7.644844532,4.544876099,7.636578560,4.347350597,4.457919598]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1828,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821776213090}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1828,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821774532755,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1829,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821778213143}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1829,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821774532755,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1830,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821780213263}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1830,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821774532755,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821782213065}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821774532755,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821784213182}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821774532755,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821786213089}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821774532755,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822124212807}
00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822124212807,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822124212807}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822123915516,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822126212337}
00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822126212337,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822126212337}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822123915516,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822128212399}
00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822128212399,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822128212399}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822123915516,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822129889928,"flow_dst_last_pkt_time":1383822129889928,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822129889928,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1383822129889928,"flow_dst_last_pkt_time":1383822129889928,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1383822129889928,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJdAAIAGvzrAqAH81FOb+sfmAbsbVwNmAAAAAIACIAAzvwAAAgQFtAEDAwgBAQQC"}
@@ -179,7 +83,7 @@
01389{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383822129897135,"flow_src_last_pkt_time":1383822129972457,"flow_dst_last_pkt_time":1383822129961527,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822129972457,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.gfu7hbxpfp.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
01351{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822129965354,"flow_dst_last_pkt_time":1383822130023500,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":209,"flow_dst_max_l4_payload_len":743,"flow_src_tot_l4_payload_len":209,"flow_dst_tot_l4_payload_len":743,"midstream":0,"thread_ts_usec":1383822130023500,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.t3i3ru.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","subjectDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}}}
01604{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383822129897135,"flow_src_last_pkt_time":1383822129972457,"flow_dst_last_pkt_time":1383822130047877,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":748,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":748,"midstream":0,"thread_ts_usec":1383822130047877,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.gfu7hbxpfp.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}}}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822130216146}
00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822130216146,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822130216146}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822130168859,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822130889737,"flow_dst_last_pkt_time":1383822130889737,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822130889737,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1383822130889737,"flow_dst_last_pkt_time":1383822130889737,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1383822130889737,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CK1AAIAGwljAqAH8JuVGNcfoAbv0twffAAAAAIACIABZFwAAAgQFtAEDAwgBAQQC"}
@@ -188,7 +92,7 @@
01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822131034778,"flow_dst_last_pkt_time":1383822131033681,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822131034778,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.jmts2id.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
01348{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822131034778,"flow_dst_last_pkt_time":1383822131220406,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":929,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":929,"midstream":0,"thread_ts_usec":1383822131220406,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.jmts2id.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}}}
02503{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1918,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1383822129897135,"flow_src_last_pkt_time":1383822132138706,"flow_dst_last_pkt_time":1383822132203451,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4523,"flow_dst_tot_l4_payload_len":5299,"midstream":0,"thread_ts_usec":1383822132203451,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":146,"avg":146706.0,"max":990883,"stddev":220400.9,"var":48576569344.0,"ent":3.9,"data": [64392,65808,9514,82112,4238,79785,91000,88446,79568,146,78186,925,110026,109380,69120,1548,80197,113582,35660,145791,70785,343658,637547,693937,990883,1625,71983,109022,69049,180072,69902]},"pktlen": {"min":40,"avg":348.2,"max":1500,"stddev":347.1,"var":120448.8,"ent":4.3,"data": [52,52,46,253,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40]},"bins": {"c_to_s": [4,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1],"entropies": 
[4.477674961,4.945419312,4.398030758,5.406278133,4.834183693,7.371150017,6.711827278,5.947438717,6.057762146,7.837278366,6.586953163,4.398030758,7.662993908,4.834183693,7.681317329,4.734183788,7.663327694,7.608054161,4.734183788,7.639224529,7.648303986,4.734183788,7.669913292,4.441509247,7.652542591,4.834183693,7.641192913,7.661419868,4.784183979,7.663778782,7.666988373,4.734183788]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822132212345}
00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822132212345,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822132212345}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822132203451,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
02273{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1933,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822133768898,"flow_dst_last_pkt_time":1383822133768590,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3998,"flow_dst_tot_l4_payload_len":5464,"midstream":0,"thread_ts_usec":1383822133768898,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":215,"avg":185742.4,"max":755290,"stddev":163607.9,"var":26767544320.0,"ent":4.5,"data": [143944,144327,714,149478,37247,195972,163599,153986,192261,56166,215,255054,2118,152835,143919,143900,44572,192109,147551,608487,755290,145485,149387,149841,132696,281585,155046,87778,477208,367752,127492]},"pktlen": {"min":40,"avg":337.4,"max":1500,"stddev":355.4,"var":126324.2,"ent":4.2,"data": [52,52,46,250,40,969,238,99,114,40,1500,126,46,626,40,626,40,626,626,40,626,626,40,626,40,626,626,40,626,46,626,52]},"bins": {"c_to_s": [5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,0],"entropies": 
[4.593060017,4.815517426,4.414441109,5.291395664,4.834184170,7.550148964,6.920053005,5.919612408,6.132238388,4.884183884,7.868963718,6.428377628,4.330940247,7.664852619,4.730641365,7.653878212,4.780641079,7.642474174,7.667881489,4.784183979,7.644913673,7.622496128,4.884183884,7.554065228,4.784183979,7.660291672,7.637899399,4.884183884,7.647337437,4.544876099,7.647919655,4.743239880]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01031{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":79,"flow_first_seen":1383821665420161,"flow_src_last_pkt_time":1383821774457983,"flow_dst_last_pkt_time":1383821774457610,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":19175,"flow_dst_tot_l4_payload_len":41545,"midstream":0,"thread_ts_usec":1383822133787472,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -198,173 +102,51 @@
01271{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":18,"flow_first_seen":1383821666407384,"flow_src_last_pkt_time":1383821774461034,"flow_dst_last_pkt_time":1383821774460689,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3946,"flow_dst_tot_l4_payload_len":5300,"midstream":0,"thread_ts_usec":1383822133787472,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}}
01280{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":580,"flow_dst_packets_processed":996,"flow_first_seen":1383821668403824,"flow_src_last_pkt_time":1383821774532755,"flow_dst_last_pkt_time":1383821774532380,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":112114,"flow_dst_tot_l4_payload_len":1189036,"midstream":0,"thread_ts_usec":1383822133787472,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}}
00906{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822123915516,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822133787472,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822134212476}
00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822134212476,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822134212476}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822133931333,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822136212325}
00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822136212325,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822136212325}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822138212314}
00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822138212314,"packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822138212314}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822140212281}
00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822140212281,"packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822140212281}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822142212321}
00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822142212321,"packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822142212321}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822144212343}
00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822144212343,"packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822144212343}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822146212271}
00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822146212271,"packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822146212271}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822148212398}
00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822148212398,"packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822148212398}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822150212222}
00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822150212222,"packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822150212222}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822152212240}
00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822152212240,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822152212240}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822154212265}
00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822154212265,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822154212265}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822153962104,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822156212208}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822153962104,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822158212282}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822153962104,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1957,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822160212204}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1957,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822153962104,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1958,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822162212265}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1958,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822153962104,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822164212767}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822153962104,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1960,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822166212188}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1960,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822153962104,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1961,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822168212323}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1961,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822153962104,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1975,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822170212297}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1975,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822170108954,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1986,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822172212681}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":1986,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822172115762,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2022,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822174212393}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2022,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822174148808,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2042,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822176212178}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2042,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822175546895,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2058,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822178212214}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2058,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822178103272,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822180212131}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822179522476,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822182212191}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822180832942,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822184212229}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822184001176,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822186212454}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822184001176,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822188212408}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822184001176,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00907{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822184001176,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1008,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822184001176,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822190212084}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822184001176,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383822190886155,"flow_src_last_pkt_time":1383822190886155,"flow_dst_last_pkt_time":1383822190886155,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822190886155,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1383822190886155,"flow_dst_last_pkt_time":1383822190886155,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1383822190886155,"pkt":"UlQA2EYhUlQAWul3CABFAAA0COtAAIAGZnzAqAH8PtKJ5sfxAbspsDzeAAAAAIACIACTeAAAAgQFtAEDAwgBAQQC"}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1383822190886155,"flow_dst_last_pkt_time":1383822190950538,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1383822190950538,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGvmc+0onmwKgB\/AG7x\/Gvhi1nKbA834ASOQidcgAAAgQFtAEBBAIBAwMH"}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1383822190951036,"flow_dst_last_pkt_time":1383822190950538,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1383822190951036,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCOxAAIAGZofAqAH8PtKJ5sfxAbspsDzfr4YtaFAQAQAWTQAAAAAAAAAA"}
01151{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383822190886155,"flow_src_last_pkt_time":1383822190951387,"flow_dst_last_pkt_time":1383822190950538,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822190951387,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.6gyip7tqim7sieb.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383822190886155,"flow_src_last_pkt_time":1383822190951387,"flow_dst_last_pkt_time":1383822191037108,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":740,"midstream":0,"thread_ts_usec":1383822191037108,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.6gyip7tqim7sieb.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","subjectDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}}}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822192212065}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822192034234,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822194212377}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822193390912,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2136,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822196212154}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2136,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822196160773,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2193,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822198212107}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2193,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822198129287,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2231,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822200212110}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2231,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822200128752,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2318,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822202212073}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2318,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822202193926,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2421,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822204212100}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2421,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822204195472,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2544,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822206212118}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2544,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822206019124,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2564,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822208213723}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2564,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822207793746,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822210212300}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822209488833,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822212212113}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822212140120,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822214212221}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822214082852,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822216212093}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822216211251,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822217531372,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822217531372,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1383822217531372,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822217531372,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDIMBZjPcAAgAAgAAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
00870{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822217531372,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822217531372,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822218212163}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822218202168,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2800,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1383822218758583,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822218758583,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDB8BZjPcAAgAAgBkAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822220212053}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822220042872,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2863,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1383822220774203,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822220774203,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhC1cBZjPcAAgAAgEsAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822222212047}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822222154911,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822224212144}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822224128155,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822226212245}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822226175794,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2976,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822228212061}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2976,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822227885519,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2988,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822230212115}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":2988,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822230193510,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00907{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2989,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822214039100,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822230193510,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822232211971}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822232017966,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822234211967}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822233939561,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3036,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822236212113}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3036,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822236183519,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3128,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822238212085}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3128,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822238164193,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822240212033}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822240198709,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822242212027}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822242141710,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822244212056}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822244182894,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822246212005}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822246194755,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822248212313}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822248153481,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822250211939}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822248944702,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822252211970}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822248944702,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822254212017}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822254127255,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3752,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822256211970}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3752,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822255869946,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822258212011}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822257040376,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822260212069}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822259716940,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3822,"source":"tor.pcap","alias":"nDPId-test","packets-captured":3822,"packets-processed":3664,"total-skipped-flows":0,"total-l4-payload-len":2806614,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":5,"current-active-flows":6,"total-active-flows":11,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":342,"global_ts_usec":1383822260228953}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3826,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822262211943}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3826,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822262143775,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3833,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822264211946}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822264155073,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3822,"source":"tor.pcap","alias":"nDPId-test","packets-captured":3822,"packets-processed":3664,"total-skipped-flows":0,"total-l4-payload-len":2806614,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":5,"current-active-flows":6,"total-active-flows":11,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":140,"global_ts_usec":1383822260228953}
02272{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3845,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822265160118,"flow_dst_last_pkt_time":1383822265159585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2761,"flow_dst_tot_l4_payload_len":5864,"midstream":0,"thread_ts_usec":1383822265160118,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":319,"avg":8727092.0,"max":72890007,"stddev":22568808.0,"var":509351076823040.0,"ent":2.1,"data": [59390,61607,13819,72120,2062,62909,63545,60042,79423,319,78805,1749,98338,96626,56518,4501,61844,64873,64036,73717,275721,252847,50798,9733,261423,61538274,61491411,72591366,72890007,3990,98034]},"pktlen": {"min":40,"avg":312.0,"max":1500,"stddev":345.9,"var":119666.8,"ent":4.2,"data": [52,52,46,249,40,783,174,99,114,1500,126,46,626,40,626,40,626,626,626,626,626,46,626,52,626,46,626,46,46,40,40,46]},"bins": {"c_to_s": [9,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0],"entropies": 
[4.501619816,4.930902481,4.441508770,5.332808495,4.834183693,7.397306919,6.658778667,6.048449516,6.157279968,7.876633167,6.546604156,4.441508770,7.673907757,4.834183693,7.638509750,4.884183884,7.663495541,7.670399189,7.645442486,7.664111614,7.640780926,4.484987259,7.650365353,4.880648136,7.645416737,4.544876099,7.673004150,4.457919598,4.457919598,4.734183788,4.734183788,4.501397610]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3853,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822266211911}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3853,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822265221448,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3854,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822268211949}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822265221448,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822270212244}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822265221448,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822272211953}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822265221448,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00912{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3857,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822248944702,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822265221448,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822274212080}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822274144364,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822276211998}
00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822274144364,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
01273{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":21,"flow_first_seen":1383822129897135,"flow_src_last_pkt_time":1383822265221448,"flow_dst_last_pkt_time":1383822265220844,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4523,"flow_dst_tot_l4_payload_len":5885,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}}
00906{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822274144364,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
00910{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822248944702,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01030{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1383822190886155,"flow_src_last_pkt_time":1383822265123975,"flow_dst_last_pkt_time":1383822265123334,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2770,"flow_dst_tot_l4_payload_len":5259,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01029{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822265160118,"flow_dst_last_pkt_time":1383822265159585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2761,"flow_dst_tot_l4_payload_len":5864,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01036{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":693,"flow_dst_packets_processed":1133,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822265215958,"flow_dst_last_pkt_time":1383822265215370,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":140888,"flow_dst_tot_l4_payload_len":1270708,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","packets-captured":3859,"packets-processed":3694,"total-skipped-flows":0,"total-l4-payload-len":2811958,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":6,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":367,"global_ts_usec":1383822276211998}
00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","packets-captured":3859,"packets-processed":3694,"total-skipped-flows":0,"total-l4-payload-len":2811958,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":6,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":149,"global_ts_usec":1383822276211998}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 3859/3694
~~ skipped flows.............: 0
@@ -377,6 +159,6 @@
~~ total memory freed........: 6189705 bytes
~~ total allocations/frees...: 125330/125330
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 185 chars
~~ json string min len.......: 285 chars
~~ json string max len.......: 2531 chars
~~ json string avg len.......: 1358 chars
~~ json string avg len.......: 1408 chars


@@ -12,7 +12,7 @@
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1569520466355115,"flow_dst_last_pkt_time":1569520466355017,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520466355115,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+Z7AqAF1p2PXpNZPEVI+PYNDfog2UoAQECx8vAAAAQEICiWcz4Xh63Ok"}
01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520466355344,"flow_dst_last_pkt_time":1569520466355017,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520466355344,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
01334{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520466355344,"flow_dst_last_pkt_time":1569520466392965,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":142,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":142,"midstream":0,"thread_ts_usec":1569520466392965,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"dd4b012f7a008e741554bd0a4ed12920","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1569520467785843}
00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1569520467785843,"packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1569520467785843}
00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1569520466531926,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520467811636,"flow_src_last_pkt_time":1569520467811636,"flow_dst_last_pkt_time":1569520467811636,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520467811636,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1569520467811636,"flow_dst_last_pkt_time":1569520467811636,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_usec":1569520467811636,"pkt":"EBMx8Tl2KDc3AG3ICABFAABjAABAAEAGoUnAqAF1PpWYmdRFA+E5lpAkp\/QQcoAYEABEHgAAAQEICiWc1TCZh0dJFwMDACpAXTQxH2s8yyXvpDmREm16+\/VcNt\/x\/vlsIce1k7D8R+clMelpc+AJPCA="}
@@ -77,7 +77,7 @@
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469423595,"flow_dst_last_pkt_time":1569520469423595,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1569520469423595,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4WycAAEABlHPAqAF1ov8mDgMDkd4AAAAARQAAPMGVQAAuEf\/wov8mDsCoAXUNl11fACgAAA=="}
00848{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469423595,"flow_src_last_pkt_time":1569520469423595,"flow_dst_last_pkt_time":1569520469423595,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469423595,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.182005}}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469433729,"flow_dst_last_pkt_time":1569520469423595,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1569520469433729,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4ZPoAAEABiqDAqAF1ov8mDgMDkd4AAAAARQAAPMGZQAAuEf\/sov8mDsCoAXUNl11fACgAAA=="}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":90,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1569520469782962}
00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1569520469782962,"packet_id":90,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1569520469782962}
00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":90,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1569520469435439,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469797670,"flow_src_last_pkt_time":1569520469797670,"flow_dst_last_pkt_time":1569520469797670,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469797670,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469797670,"flow_dst_last_pkt_time":1569520469797670,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1569520469797670,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzBkxAAEARcsXAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABIog9sAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
@@ -164,7 +164,7 @@
00864{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520471748648,"flow_src_last_pkt_time":1569520471748648,"flow_dst_last_pkt_time":1569520471748648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":107,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":107,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520471748648,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1569520471748648,"flow_dst_last_pkt_time":1569520471780615,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1569520471780615,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA\/ukJAADURu4xtXqBjwKgBdSJh49cAK4mJAgABfUZNNf\/9ojRJXQ1tO1HolgBaDj4AegAqAAAAAAAAAAA="}
00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1569520471748648,"flow_dst_last_pkt_time":1569520471780643,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_usec":1569520471780643,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApukNAADURu6FtXqBjwKgBdSJh49cAFe6ZAwAAAAF2Ko10AFoOPgAAAAAA"}
00186{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":398,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1569520471784941}
00286{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1569520471784941,"packet_id":398,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1569520471784941}
00359{"packet_event_id":1,"packet_event_name":"packet","packet_id":398,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1569520471780865,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520471915269,"flow_src_last_pkt_time":1569520471915269,"flow_dst_last_pkt_time":1569520471915269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":107,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":107,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520471915269,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1569520471915269,"flow_dst_last_pkt_time":1569520471915269,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_usec":1569520471915269,"pkt":"EBMx8Tl2KDc3AG3ICABFAACHOsEAAEARb8bAqAF1bV6gY+zMImEAcx+TAQACgEJ0mpHOZDa3wq7Yfnt8kAAAAAAAAAACAHoA0QB6ANEAAABAz+pIvn76v2yDYA2gAvW2g1TH36+BBcgmmBwGC4A2voI37csLDeuB1cbZ5dS3SDby7ZAjUH7\/6+f4krtKebNFkQAAAAA="}
@@ -225,6 +225,6 @@
~~ total memory freed........: 6359928 bytes
~~ total allocations/frees...: 122637/122637
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 190 chars
~~ json string min len.......: 290 chars
~~ json string max len.......: 2387 chars
~~ json string avg len.......: 1288 chars
~~ json string avg len.......: 1338 chars


@@ -357,5 +357,5 @@ char const * get_nDPId_version(void)
#endif
"\n"
"(C) 2020-2022 Toni Uhlig\n"
"Please report BUGs to toni@impl.cc\n";
"Please report any BUG to toni@impl.cc\n";
}