Split flow_packets_processed' into flow_src_packets_processed' and `flow_dst_packets_processed'.

* no use for `flow_avg_l4_payload_len' -> removed
 * test/run_tests.sh does not fail if git-worktree's are used

Signed-off-by: lns <matzeton@googlemail.com>
lns
2022-08-15 18:24:47 +02:00
parent 2cb2c86cb5
commit 905545487d
349 changed files with 29078 additions and 29048 deletions


@@ -279,6 +279,33 @@ error:
return NULL;
}
static enum nDPIsrvd_callback_return update_flow_packets_processed(struct nDPIsrvd_socket * const sock,
struct distributor_flow_user_data * const flow_stats)
{
struct nDPIsrvd_json_token const * const flow_total_packets_processed[FD_COUNT] = {
TOKEN_GET_SZ(sock, "flow_src_packets_processed"), TOKEN_GET_SZ(sock, "flow_dst_packets_processed")};
flow_stats->total_packets_processed = 0;
for (enum nDPId_flow_direction dir = 0; dir < FD_COUNT; ++dir)
{
if (flow_total_packets_processed[dir] != NULL)
{
nDPIsrvd_ull nmb = 0;
if (TOKEN_VALUE_TO_ULL(flow_total_packets_processed[dir], &nmb) != CONVERSION_OK)
{
return CALLBACK_ERROR;
}
if (flow_stats != NULL)
{
flow_stats->total_packets_processed += nmb;
}
}
}
return CALLBACK_OK;
}
static enum nDPIsrvd_callback_return distributor_json_callback(struct nDPIsrvd_socket * const sock,
struct nDPIsrvd_instance * const instance,
struct nDPIsrvd_thread_data * const thread_data,
@@ -373,6 +400,11 @@ static enum nDPIsrvd_callback_return distributor_json_callback(struct nDPIsrvd_s
global_stats->cur_idle_flows++;
global_stats->flow_end_count++;
thread_stats->flow_end_count++;
if (update_flow_packets_processed(sock, flow_stats) != CALLBACK_OK)
{
return CALLBACK_ERROR;
}
}
if (TOKEN_VALUE_EQUALS_SZ(flow_event_name, "idle") != 0)
{
@@ -380,6 +412,11 @@ static enum nDPIsrvd_callback_return distributor_json_callback(struct nDPIsrvd_s
global_stats->cur_idle_flows++;
global_stats->flow_idle_count++;
thread_stats->flow_idle_count++;
if (update_flow_packets_processed(sock, flow_stats) != CALLBACK_OK)
{
return CALLBACK_ERROR;
}
}
if (TOKEN_VALUE_EQUALS_SZ(flow_event_name, "detected") != 0)
{
@@ -420,23 +457,6 @@ static enum nDPIsrvd_callback_return distributor_json_callback(struct nDPIsrvd_s
return CALLBACK_ERROR;
}
struct nDPIsrvd_json_token const * const flow_total_packets_processed =
TOKEN_GET_SZ(sock, "flow_packets_processed");
if (flow_total_packets_processed != NULL)
{
nDPIsrvd_ull nmb = 0;
if (TOKEN_VALUE_TO_ULL(flow_total_packets_processed, &nmb) != CONVERSION_OK)
{
return CALLBACK_ERROR;
}
if (flow_stats != NULL)
{
flow_stats->total_packets_processed = nmb;
}
}
struct nDPIsrvd_json_token const * const flow_total_l4_payload_len =
TOKEN_GET_SZ(sock, "flow_tot_l4_payload_len");
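Review bot: `update_flow_packets_processed` executes `flow_stats->total_packets_processed = 0;` before it reaches its own `if (flow_stats != NULL)` check inside the loop, so either that check is dead or the reset dereferences a NULL pointer. The block this replaces only touched `flow_stats` inside the guard, which suggests NULL is possible here; I would guard the reset the same way: `if (flow_stats != NULL) { flow_stats->total_packets_processed = 0; }`. The helper is also called only from the "end" and "idle" branches, whereas the removed block appears to have sat outside the per-event branches, so the total may now be stale for other flow events; if that is intended, a one-line comment on the helper should say so. `distributor_json_callback` begins and ends outside these hunks.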

28
nDPId.c

@@ -95,6 +95,13 @@ enum nDPId_flow_state
FS_COUNT
};
enum nDPId_flow_direction
{
FD_SRC2DST = 0,
FD_DST2SRC = 1,
FD_COUNT
};
/*
* Minimal per-flow information required for flow mgmt and timeout handling.
*/
@@ -127,7 +134,7 @@ struct nDPId_flow_extended
uint16_t min_l4_payload_len;
uint16_t max_l4_payload_len;
unsigned long long int packets_processed;
unsigned long long int packets_processed[FD_COUNT];
uint64_t first_seen;
uint64_t last_flow_update;
@@ -1886,7 +1893,8 @@ static void jsonize_flow(struct nDPId_workflow * const workflow, struct nDPId_fl
ndpi_serialize_string_string(&workflow->ndpi_serializer,
"flow_state",
flow_state_name_table[flow_ext->flow_basic.state]);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_packets_processed", flow_ext->packets_processed);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_src_packets_processed", flow_ext->packets_processed[FD_SRC2DST]);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_dst_packets_processed", flow_ext->packets_processed[FD_DST2SRC]);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_first_seen", flow_ext->first_seen);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_last_seen", flow_ext->flow_basic.last_seen);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer,
@@ -1895,11 +1903,6 @@ static void jsonize_flow(struct nDPId_workflow * const workflow, struct nDPId_fl
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_min_l4_payload_len", flow_ext->min_l4_payload_len);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_max_l4_payload_len", flow_ext->max_l4_payload_len);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_tot_l4_payload_len", flow_ext->total_l4_payload_len);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer,
"flow_avg_l4_payload_len",
(flow_ext->packets_processed > 0
? flow_ext->total_l4_payload_len / flow_ext->packets_processed
: 0));
ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "midstream", flow_ext->flow_basic.tcp_is_midstream_flow);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "thread_ts_msec", workflow->last_thread_time);
}
@@ -2195,7 +2198,7 @@ static void jsonize_packet_event(struct nDPId_reader_thread * const reader_threa
reader_thread->array_index);
return;
}
if (flow_ext->packets_processed > nDPId_options.max_packets_per_flow_to_send)
if (flow_ext->packets_processed[FD_SRC2DST] + flow_ext->packets_processed[FD_DST2SRC] > nDPId_options.max_packets_per_flow_to_send)
{
return;
}
@@ -2216,7 +2219,7 @@ static void jsonize_packet_event(struct nDPId_reader_thread * const reader_threa
if (event == PACKET_EVENT_PAYLOAD_FLOW)
{
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_id", flow_ext->flow_id);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_packet_id", flow_ext->packets_processed);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_packet_id", flow_ext->packets_processed[FD_SRC2DST] + flow_ext->packets_processed[FD_DST2SRC]);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_last_seen", flow_ext->flow_basic.last_seen);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer,
"flow_idle_time",
@@ -3067,6 +3070,7 @@ static void ndpi_process_packet(uint8_t * const args,
struct nDPId_reader_thread * const reader_thread = (struct nDPId_reader_thread *)args;
struct nDPId_workflow * workflow;
struct nDPId_flow_basic flow_basic = {};
enum nDPId_flow_direction direction;
size_t hashed_index;
void * tree_result;
@@ -3373,9 +3377,12 @@ static void ndpi_process_packet(uint8_t * const args,
flow_basic.hashval += flow_basic.l4_protocol + flow_basic.src_port + flow_basic.dst_port;
hashed_index = flow_basic.hashval % workflow->max_active_flows;
direction = FD_SRC2DST;
tree_result = ndpi_tfind(&flow_basic, &workflow->ndpi_flows_active[hashed_index], ndpi_workflow_node_cmp);
if (tree_result == NULL)
{
direction = FD_DST2SRC;
/* flow not found in btree: switch src <-> dst and try to find it again */
uint64_t orig_src_ip[2] = {flow_basic.src.v6.ip[0], flow_basic.src.v6.ip[1]};
uint64_t orig_dst_ip[2] = {flow_basic.dst.v6.ip[0], flow_basic.dst.v6.ip[1]};
@@ -3402,6 +3409,7 @@ static void ndpi_process_packet(uint8_t * const args,
if (tree_result == NULL)
{
/* flow still not found, must be new or midstream */
direction = FD_SRC2DST;
union nDPId_ip const * netmask = NULL;
union nDPId_ip const * subnet = NULL;
@@ -3581,7 +3589,7 @@ static void ndpi_process_packet(uint8_t * const args,
}
}
flow_to_process->flow_extended.packets_processed++;
flow_to_process->flow_extended.packets_processed[direction]++;
flow_to_process->flow_extended.total_l4_payload_len += l4_payload_len;
workflow->packets_processed++;
workflow->total_l4_payload_len += l4_payload_len;
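Review bot: The new `enum nDPId_flow_direction` has no comment saying what "src" and "dst" are relative to, and in `ndpi_process_packet` the direction appears to follow the tuple order of the first packet seen (`FD_SRC2DST` on a direct match or a new flow, `FD_DST2SRC` when the swapped lookup matches). For midstream flows that is not necessarily client-to-server: the 443-chrome test output in this commit reports `src_port` 443 together with `flow_src_packets_processed` 1, so anyone building detections on the per-direction counters needs this stated. I would add above the enum something like `/* Direction relative to the tuple of the first packet seen for a flow; not necessarily client -> server (e.g. midstream flows). */`. Separately, the sum `packets_processed[FD_SRC2DST] + packets_processed[FD_DST2SRC]` is spelled out twice in `jsonize_packet_event` and could live in one small `static inline` helper. Both functions extend beyond the hunks shown.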


@@ -9,14 +9,14 @@
"flow_event_name",
"flow_id",
"flow_state",
"flow_packets_processed",
"flow_src_packets_processed",
"flow_dst_packets_processed",
"flow_first_seen",
"flow_last_seen",
"flow_idle_time",
"flow_min_l4_payload_len",
"flow_max_l4_payload_len",
"flow_tot_l4_payload_len",
"flow_avg_l4_payload_len",
"l3_proto",
"l4_proto",
"midstream",
@@ -98,8 +98,13 @@
"minimum": 0,
"maximum": 292
},
"flow_packets_processed": {
"type": "number"
"flow_src_packets_processed": {
"type": "number",
"minimum": 0
},
"flow_dst_packets_processed": {
"type": "number",
"minimum": 0
},
"flow_max_packets": {
"type": "number",
@@ -126,9 +131,6 @@
"flow_tot_l4_payload_len": {
"type": "number"
},
"flow_avg_l4_payload_len": {
"type": "number"
},
"l3_proto": {
"type": "string",
"enum": [
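Review bot: The two new counters are declared as `"type": "number"` with `"minimum": 0`, which still accepts fractional values such as 1.5. nDPId emits them through `ndpi_serialize_string_uint64`, so `"type": "integer"` would describe them exactly and let schema validation reject malformed events. Other counters in this file also use `"number"`, so this may be better done file-wide in a follow-up.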

File diff suppressed because one or more lines are too long


@@ -1,9 +1,9 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581109434258}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109434258,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1581109434258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL9xAADQG19GyPsWCwKgBDQG7z0OMwKr+Oj0RjoAQAfVXrQAAAQEICiUvy0seKwePAbBkhQkGDSwXAwMFJB7ULkZYT314CXk9r8PlYJygP344H6B+ItT1QydBOUTT\/6D31GPVzKtOQjSVxhbT8njy8fnLCF03csGz4\/Y1RkgUVmI84ERVBP7zbdzqFVMxHmkRU4146\/GYpGt09JudxRaBFBE6RH99GaIPOIBgIxL+lVzyEaqTle8b2ooKlmYXANwIghY6MzW7vfR0m2NAd4\/mImO8\/LyUCeGK0r\/puyNRW7lwQQMAmHKJdbXl9VyEWyHoVGg2V7UztPOOS9FaOf7PI0qXcHmQjpNhC3tUdKXBoA5lr9L4gV9TtzI0jsGqvB9N6GFz+qcMvQNu9oMflyIYBhNXeC+wMS3iHkbmb6YjZ1BITgZEep9Fizk45i3xCMymSmOsda0ujEX4jtgvxVvAdOobavQSODmvW7nF0r5t9e88tMuzTz7+vTqoOaJn4Q5qSGioRtcVHnLq2LNPOuGgbZaLvf8nOa3F\/fTzsfVgOnrof2PK7x6zJRR4iLtFUyiyV0abVTIHELfIYnSCf71pFYSlMWF1kbosbMAxw+8gDHb28maLs7wPXvpNMwUQmC5zWPLwG8e+Pf\/3nur0wrn5EOul2L1tr2PBCGM7nQJnzz+Ftab4qAnCKKMUrufRAVhXA6Ue6CMSRLYliOxzGRgmHVxorbbpx87m7XMCx1xGrv\/+sMpgjOYFPN80vjeb9Ar4xkocVQgWuuKpaWdNDznMzFzG0+H1ekKy8mE\/Y4uj8aty0rTxx\/RK0gYF2CUtsmGNskEzCWUbq5MAqcp05SHkAJHGGJeLVJYaWPvGXbFa5QHn9poomy6DBa+Zu\/J+olJwYCoT+frN77wk+XmgZEGX8LeovmjP4s1R+UbEFUsUMksh6m15XB\/oDSc43HBC0ZN2fBl+EVSpfPjbG\/eOyIfLCt5fbBfnhNgvommX5LE+2Hk1er+ly1V3Bk3SksoPHjYC3atFWwOW8i0ksy3cnSr3r7urFNldk3MU3+jnEXfTimw+aCW1vRMowhmfm8PlgjcufRfy+KbXvWvcglQ5SIZzkHbMTgRIVTH0rnzAvQa5V3qwPK10Uoz7qDIouhn\/mb\/ZISHF6mBR\/IXvmgdDxCQjDF0pzdpHGlijQnscX9IYmuALydf\/N95pDI1Ksot3SwlV+ToeoAcOu03ffeX9ZWtpGReoSSLBreVK2S9eOKb7ts0O5zIIo7KsqQiv\/vBgScz8WXOWpxQ\/yJVR5ay52w6EYcainLIU7Xbc\/tjzrhulig3U\/8LJroIUx7FTN+1M\/XXQgxU1xPwXfZVd2BCyLjPf3LnCxXwnRvsKpAN+jMhuodhLSF7CgHqc20YiiLhRoKoX9HTNFjjp4NCVuyybqoR14grCEsHZOU2qhA+8BZe5VlL7unSunUXcr1PeN9gM5Jq4MVqPdpyzDhvJpSxU3Hx+L1u56H6J0VrRo\/R6fO225uB9ZADFU\/E9+rLvS3XjVihQI4Xj3oV8Yz2DHOUB7myCSIfri88n
rYevcoAQbwAgIH3ZuvMVV+F7spgWZOgjijLQs9AFYfhIg77XK7GhiJW4kT1GNIqN\/59u+gIdPmDuGurVucPbruilLRCDIsr+53Us+irmCwo\/E2YPbk4a0f3NX0k+rNo92g1D9wTfG3QFRXLoBVDcr2q9BeW0PVJsavNUQM+jFbQkjfp93AvyPnmEBcWXIT002jYiClr1Y1\/emkCZ90t5YN1lLX5fUvWWgwvQ8NqFZ2zWMZciPkbKDA3g3Y+AskVzW3FFBLqR77\/aXs+9FwMDBSQUQnjU3ptBoEOyx5s5g6C1C+gxkfWLgzLDV66R77tBk395nAfOwKbaxf02lWN9Kl7ER9qk1HP5doNJPo83hbomHGy3aIU4qtqfnGI\/DWje6wuZoh6zDMTlo3NI6IL\/slMBsWm6kBIHkYOp"}
00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1440,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1581109434258}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1
@@ -13,8 +13,8 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6005154 bytes
~~ total memory freed........: 6005154 bytes
~~ total memory allocated....: 6005162 bytes
~~ total memory freed........: 6005162 bytes
~~ total allocations/frees...: 120878/120878
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 466 chars


@@ -1,13 +1,13 @@
00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-curl.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581113120474}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581113120474,"flow_last_seen":1581113120474,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581113120474,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581113120474,"flow_last_seen":1581113120474,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581113120474,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113120474,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581113120474,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7FgtjjAbvMd3aVAAAAALAC\/\/97wQAAAgQFtAEDAwUBAQgKHmJFtwAAAAAEAgAA"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113120512,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581113120512,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG72OOPktF9zHd2lqAS\/oj9JgAAAgQFrAQCCAolaAqTHmJFtwEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581113120513,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581113120513,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3aWj5LRfoAQECwaIgAAAQEICh5iRd0laAqT"}
00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113120474,"flow_last_seen":1581113120522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581113120522,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581113120474,"flow_last_seen":1581113120563,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1581113120563,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
01099{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113120474,"flow_last_seen":1581113120564,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1581113120564,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":109,"flow_first_seen":1581113120474,"flow_last_seen":1581113121570,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":66816,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1581113121570,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1581113120474,"flow_last_seen":1581113120522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1581113120522,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00902{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1581113120474,"flow_last_seen":1581113120563,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"midstream":0,"thread_ts_msec":1581113120563,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
01104{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581113120474,"flow_last_seen":1581113120564,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"midstream":0,"thread_ts_msec":1581113120564,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":58,"flow_first_seen":1581113120474,"flow_last_seen":1581113121570,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":66816,"midstream":0,"thread_ts_msec":1581113121570,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","packets-captured":109,"packets-processed":109,"total-skipped-flows":0,"total-l4-payload-len":66816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581113121570}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 109/109
@@ -17,10 +17,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6011154 bytes
~~ total memory freed........: 6011154 bytes
~~ total memory allocated....: 6011162 bytes
~~ total memory freed........: 6011162 bytes
~~ total allocations/frees...: 120991/120991
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 464 chars
~~ json string max len.......: 1104 chars
~~ json string avg len.......: 765 chars
~~ json string max len.......: 1109 chars
~~ json string avg len.......: 767 chars


@@ -1,13 +1,13 @@
00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581109488041}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109488041,"flow_last_seen":1581109488041,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581109488041,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109488041,"flow_last_seen":1581109488041,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581109488041,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109488041,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581109488041,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs9oAbstYO2oAAAAALAC\/\/8dyQAAAgQFtAEDAwUBAQgKHivVZQAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109488079,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581109488079,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7z2h4KhDzLWDtqaAS\/ojkXQAAAgQFrAQCCAolMJ2OHivVZQEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581109488079,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581109488079,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYO2peCoQ9IAQECwBWgAAAQEICh4r1YolMJ2O"}
00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109488041,"flow_last_seen":1581109488081,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581109488081,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01165{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":667,"flow_first_seen":1581109488041,"flow_last_seen":1581109496480,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":414073,"flow_avg_l4_payload_len":620,"midstream":0,"thread_ts_msec":1581109496480,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1581109488041,"flow_last_seen":1581109488081,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1581109488081,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01170{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":316,"flow_dst_packets_processed":351,"flow_first_seen":1581109488041,"flow_last_seen":1581109496480,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":414073,"midstream":0,"thread_ts_msec":1581109496480,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","packets-captured":667,"packets-processed":667,"total-skipped-flows":0,"total-l4-payload-len":414073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581109496480}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 667/667
@@ -17,10 +17,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6027390 bytes
~~ total memory freed........: 6027390 bytes
~~ total memory allocated....: 6027398 bytes
~~ total memory freed........: 6027398 bytes
~~ total allocations/frees...: 121550/121550
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 467 chars
~~ json string max len.......: 1170 chars
~~ json string avg len.......: 798 chars
~~ json string max len.......: 1175 chars
~~ json string avg len.......: 801 chars


@@ -1,13 +1,13 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-git.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581113657633}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581113657633,"flow_last_seen":1581113657633,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581113657633,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581113657633,"flow_last_seen":1581113657633,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581113657633,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113657633,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581113657633,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGeqzAqAENjFJyBNnAAbv0\/p5\/AAAAALAC\/\/+NzAAAAgQFtAEDAwUBAQgKHmpbwAAAAAAEAgAA"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113657744,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581113657744,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGiLCMUnIEwKgBDQG72cCAzdDM9P6egKASb0C\/0wAAAgQFnAQCCAoOCxAaHmpbwAEDAwo="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581113657744,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581113657744,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGerjAqAENjFJyBNnAAbv0\/p6AgM3QzYAQECpNNAAAAQEICh5qXC0OCxAa"}
00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113657633,"flow_last_seen":1581113657751,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581113657751,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1941,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":4067,"flow_avg_l4_payload_len":581,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84"}}
00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1581113657633,"flow_last_seen":1581113658456,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":32585,"flow_avg_l4_payload_len":465,"midstream":0,"thread_ts_msec":1581113658456,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}}
00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1581113657633,"flow_last_seen":1581113657751,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1581113657751,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1941,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":4067,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84"}}
00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":35,"flow_first_seen":1581113657633,"flow_last_seen":1581113658456,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":32585,"midstream":0,"thread_ts_msec":1581113658456,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}}
00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","packets-captured":70,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":32585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581113658456}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 70/70
@@ -17,10 +17,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6013533 bytes
~~ total memory freed........: 6013533 bytes
~~ total memory allocated....: 6013541 bytes
~~ total memory freed........: 6013541 bytes
~~ total allocations/frees...: 120954/120954
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 463 chars
~~ json string max len.......: 1212 chars
~~ json string avg len.......: 811 chars
~~ json string max len.......: 1217 chars
~~ json string avg len.......: 814 chars


@@ -1,11 +1,11 @@
00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-opvn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581153175528}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581153175528,"flow_last_seen":1581153175528,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581153175528,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581153175528,"flow_last_seen":1581153175528,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581153175528,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581153175528,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581153175528,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+EfAqAFUwAzAZ87tBKpga1quAAAAALAC\/\/\/PlAAAAgQFtAEDAwUBAQgKFg2AOQAAAAAEAgAA"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581153175550,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581153175550,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGAkzADMBnwKgBVASqzu1gWZU1YGtar6AScSBwigAAAgQFrAQCCAocQO0VFg2AOQEDAwY="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581153175550,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581153175550,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+FPAqAFUwAzAZ87tBKpga1qvYFmVNoAQECwALgAAAQEIChYNgE0cQO0V"}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581153175528,"flow_last_seen":1581153176626,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1581153176626,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1581153175528,"flow_last_seen":1581153184491,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8517,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1581153184491,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1581153175528,"flow_last_seen":1581153176626,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"midstream":0,"thread_ts_msec":1581153176626,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":21,"flow_first_seen":1581153175528,"flow_last_seen":1581153184491,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8517,"midstream":0,"thread_ts_msec":1581153184491,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","packets-captured":46,"packets-processed":46,"total-skipped-flows":0,"total-l4-payload-len":8517,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1581153184491}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 46/46
@@ -15,10 +15,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6006459 bytes
~~ total memory freed........: 6006459 bytes
~~ total memory allocated....: 6006467 bytes
~~ total memory freed........: 6006467 bytes
~~ total allocations/frees...: 120923/120923
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 464 chars
~~ json string max len.......: 689 chars
~~ json string avg len.......: 565 chars
~~ json string max len.......: 695 chars
~~ json string avg len.......: 568 chars


@@ -1,13 +1,13 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-safari.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581109359601}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109359601,"flow_last_seen":1581109359601,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581109359601,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109359601,"flow_last_seen":1581109359601,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581109359601,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109359601,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581109359601,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs8nAbvmgoUNAAAAALAC\/\/+6MQAAAgQFtAEDAwUBAQgKHinouAAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109359639,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581109359639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7zyeqmyMX5oKFDqAS\/ogx6QAAAgQFrAQCCAolLqfYHinouAEDAwc="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581109359639,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581109359639,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoUOqpsjGIAQECxO5AAAAQEICh4p6N4lLqfY"}
00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109359601,"flow_last_seen":1581109359641,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1581109359641,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1673,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
01143{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3113,"flow_avg_l4_payload_len":444,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1581109359601,"flow_last_seen":1581109360696,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17203,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1581109360696,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1581109359601,"flow_last_seen":1581109359641,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"midstream":0,"thread_ts_msec":1581109359641,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1673,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
01148{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3113,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1581109359601,"flow_last_seen":1581109360696,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17203,"midstream":0,"thread_ts_msec":1581109360696,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":17203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581109360696}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 41/41
@@ -17,10 +17,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6009212 bytes
~~ total memory freed........: 6009212 bytes
~~ total memory allocated....: 6009220 bytes
~~ total memory freed........: 6009220 bytes
~~ total allocations/frees...: 120923/120923
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 466 chars
~~ json string max len.......: 1148 chars
~~ json string avg len.......: 787 chars
~~ json string max len.......: 1153 chars
~~ json string avg len.......: 789 chars


@@ -1,11 +1,11 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in6tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1543235434019}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"midstream":0,"thread_ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":3}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1543235434019,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"thread_ts_msec":1543235434019,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQAANHvwQAB\/BqsfwKgAAQoKCgH7xwG73+E+ggAAAACAAv\/\/fqUAAAIEBYQBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"midstream":0,"thread_ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}}
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1543235434019,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"thread_ts_msec":1543235434019,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPTRKupQVKqw0AAAAAAAAACoi4BaF7ac4zFi98\/GqPyLYRQAANEufQABhBvlwCgoKAcCoAAEBu\/vHAwzKjt\/hPoOAEv\/\/sQUAAAIEBXgBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00874{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1543235434019,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":366,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":366,"pkt_l4_len":264,"thread_ts_msec":1543235434019,"pkt":"AAECunaOAAAASfSHht1gAAAAAQgEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQABCHv3QAB\/BqpEwKgAAQoKCgH7xwG73+E+gwMMyo9QGAQA0icAABYDAwDbAQAA1wMDW5uXE0\/QFYUpkWO+HpgF5MI5wT9TQj14SroSH1Zl8oggjz8AALXLO9H2rxfCGsjqy7cU6\/NXDrPxEswgEUGVcfAAJsAswCvAMMAvwCTAI8AowCfACsAJwBTAEwCdAJwAPQA8ADUALwAKAQAAaAAAABEADwAADHd3dy5iaW5nLmNvbQAKAAgABgAdABcAGAALAAIBAAANABQAEgQBBQECAQQDBQMCAwICBgEGAwAjAAAAEAAOAAwCaDIIaHR0cC8xLjEAFwAAABgABgAKAwIBAP8BAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":1780,"flow_avg_l4_payload_len":445,"midstream":0,"thread_ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":1780,"midstream":0,"thread_ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}}
00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1543235434019}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 4/4
@@ -15,8 +15,8 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003193 bytes
~~ total memory freed........: 6003193 bytes
~~ total memory allocated....: 6003201 bytes
~~ total memory freed........: 6003201 bytes
~~ total allocations/frees...: 120880/120880
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 466 chars


@@ -1,11 +1,11 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"6in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1444236893450}
00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444236893450,"flow_last_seen":1444236893450,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1444236893450,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":3}
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444236893450,"flow_last_seen":1444236893450,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"midstream":0,"thread_ts_msec":1444236893450,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":3}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1444236893450,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1444236893450,"pkt":"ACKQ3jvZAAAkzoE0CABFAAB8tYFAAP8pFzeuA0kYuGn\/GmAAAAAAQDo\/IAEEcB8XAT8+lw7\/\/nNN7CYEqIAAAQAgAAAAAAIksAGAAOC9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1444236893555,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1444236893555,"pkt":"AAAkzoE0ACKQ3jvZCABFAAB8xlZAAPgpDWK4af8argNJGGAAAAAAQDo3JgSogAABACAAAAAAAiSwASABBHAfFwE\/PpcO\/\/5zTeyBAN+9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1444236894230,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"thread_ts_msec":1444236894230,"pkt":"ACKQ3jvZAAAkzoE0CABFAAC6tdFAAP8pFqmuA0kYuGn\/GmAAAAAAfjpAIAEEcB8WAT8AAAAAAAAAAiYEqIAAAQAgAAAAAAIksAEBA9KAAAAAAGAAAAAATgY2JgSogAABACAAAAAAAiSwASABBHAfFwE\/JaMykhb5LOAD4exLUvt9fRlwFpiAGABJEPkAAAEBCAq0MT0ACHX6xhcDAwApoxPniAjxmmXGKxqxVV6nOvla9FPS7Dtl2rRDlmVhpOKK9OFyB\/XihP8="}
00569{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":32,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1444236893450,"flow_last_seen":1444236901127,"flow_idle_time":620000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":1877,"flow_tot_l4_payload_len":6924,"flow_avg_l4_payload_len":216,"midstream":0,"thread_ts_msec":1444236901127,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":127,"flow_first_seen":1444236893450,"flow_last_seen":1444236915586,"flow_idle_time":620000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":1877,"flow_tot_l4_payload_len":35975,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":1444236915586,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":32,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1444236893450,"flow_last_seen":1444236901127,"flow_idle_time":620000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":1877,"flow_tot_l4_payload_len":6924,"midstream":0,"thread_ts_msec":1444236901127,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":61,"flow_first_seen":1444236893450,"flow_last_seen":1444236915586,"flow_idle_time":620000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":1877,"flow_tot_l4_payload_len":35975,"midstream":0,"thread_ts_msec":1444236915586,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":35975,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1444236915586}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 127/127
@@ -15,8 +15,8 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6006760 bytes
~~ total memory freed........: 6006760 bytes
~~ total memory allocated....: 6006768 bytes
~~ total memory freed........: 6006768 bytes
~~ total allocations/frees...: 121003/121003
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 466 chars


@@ -1,13 +1,13 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"6in6tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1335197872162}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1335197872162,"flow_last_seen":1335197872162,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1335197872162,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872162,"flow_last_seen":1335197872162,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"midstream":0,"thread_ts_msec":1335197872162,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":3}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1335197872162,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_msec":1335197872162,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAAht1gAAAAADQpQCABBPgABAAHAuCB\/\/5S\/\/8gAQT4AAQABwLggf\/+UpprYAAAAAAMEUDerQAAAAAAAAAAAAAAAL7vyv4AAAAAAAAAAAAAAAC6vnUwMsgADIPSWFhYWA=="}
00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1335197872164,"flow_last_seen":1335197872164,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1335197872164,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":3}
00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872164,"flow_last_seen":1335197872164,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"midstream":0,"thread_ts_msec":1335197872164,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1335197872164,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_msec":1335197872164,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAAht1gAAAAADQpQP7tAAAAAAAAAAAAAAAAvu\/+7QAAAAAAAAAAAAAAAMr+YAAAAAAMEUDerQAAAAAAAAAAAAAAAL7vyv4AAAAAAAAAAAAAAAC6vnUwMsgADIHQWVlZWQ=="}
00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1335197872162,"flow_last_seen":1335197872162,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1335197872164,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1335197872162,"flow_last_seen":1335197872162,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1335197872164,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":3}
00557{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1335197872164,"flow_last_seen":1335197872164,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1335197872164,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00542{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1335197872164,"flow_last_seen":1335197872164,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1335197872164,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":3}
00605{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872162,"flow_last_seen":1335197872162,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"midstream":0,"thread_ts_msec":1335197872164,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872162,"flow_last_seen":1335197872162,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"midstream":0,"thread_ts_msec":1335197872164,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":3}
00563{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872164,"flow_last_seen":1335197872164,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"midstream":0,"thread_ts_msec":1335197872164,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00548{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872164,"flow_last_seen":1335197872164,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"midstream":0,"thread_ts_msec":1335197872164,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":3}
00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1335197872164}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2/2
@@ -17,10 +17,10 @@
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6004195 bytes
~~ total memory freed........: 6004195 bytes
~~ total memory allocated....: 6004211 bytes
~~ total memory freed........: 6004211 bytes
~~ total allocations/frees...: 120882/120882
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 466 chars
~~ json string max len.......: 604 chars
~~ json string avg len.......: 534 chars
~~ json string max len.......: 610 chars
~~ json string avg len.......: 537 chars


@@ -1,11 +1,11 @@
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1445156939131}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1445156939131,"flow_last_seen":1445156939131,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1445156939131,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1445156939131,"flow_last_seen":1445156939131,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1445156939131,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1445156939131,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_msec":1445156939131,"pkt":"DwAIAEXAACz4kkAAAQa2VmQQAQJkEAEBR5QAs7zqddEAAAAAYAJAABMAAAACBAW0"}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1445156939145,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_msec":1445156939145,"pkt":"DwAIAEXAACyvfwAAAQY\/amQQAQFkEAECALNHlBlZ03+86nXSYBJAACYWAAACBAW0"}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1445156939152,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"thread_ts_msec":1445156939152,"pkt":"DwAIAEXAACj4k0AAAQa2WWQQAQJkEAEBR5QAs7zqddIZWdOAUBBAAD3TAAA="}
00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1445156939131,"flow_last_seen":1445156939152,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1445156939152,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1445156939131,"flow_last_seen":1445156989230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1445156989230,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1445156939131,"flow_last_seen":1445156939152,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"midstream":0,"thread_ts_msec":1445156939152,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1445156939131,"flow_last_seen":1445156989230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":345,"midstream":0,"thread_ts_msec":1445156989230,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1445156989230}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 14/14
@@ -15,10 +15,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003483 bytes
~~ total memory freed........: 6003483 bytes
~~ total memory allocated....: 6003491 bytes
~~ total memory freed........: 6003491 bytes
~~ total allocations/frees...: 120890/120890
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 453 chars
~~ json string max len.......: 692 chars
~~ json string avg len.......: 561 chars
~~ json string max len.......: 697 chars
~~ json string avg len.......: 565 chars


@@ -2,10 +2,10 @@
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1256636836167}
00187{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":104,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","protocol":34887,"global_ts_msec":1256636836167}
00503{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":163,"pkt_type":34887,"pkt_l3_offset":4,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7580000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7580000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3}
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1256636836167,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"thread_ts_msec":1256636836167,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7580000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7580000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7580000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7580000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1256636836167}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2/1
@@ -15,10 +15,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003106 bytes
~~ total memory freed........: 6003106 bytes
~~ total memory allocated....: 6003114 bytes
~~ total memory freed........: 6003114 bytes
~~ total allocations/frees...: 120877/120877
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 192 chars
~~ json string max len.......: 679 chars
~~ json string avg len.......: 427 chars
~~ json string max len.......: 684 chars
~~ json string avg len.......: 429 chars


@@ -1,91 +1,91 @@
00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"EAQ.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1432820948562}
00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820948562,"flow_last_seen":1432820948562,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820948562,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820948562,"flow_last_seen":1432820948562,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820948562,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432820948562,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820948562,"pkt":"ABoRAAACABoRAAABCABFAAA8xb9AAEAGRgEKCAABrcJ3MND5AFA4ezYlAAAAAKACOQisdgAAAgQFtAQCCAoABPOaAAAAAAEDAwQ="}
00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432820948566,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948566,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGO9OtwncwCggAAQBQ0PnHhMnaOHs2JlAS\/\/+vjAAA"}
00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1432820948569,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948569,"pkt":"ABoRAAACABoRAAABCABFAAAoxcBAAEAGRhQKCAABrcJ3MND5AFA4ezYmx4TJ21AQOQh2hQAA"}
00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948562,"flow_last_seen":1432820948576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1432820948576,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com","url":"www.google.com\/","code":0,"content_type":"","user_agent":"test"}}
00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820948836,"flow_last_seen":1432820948836,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820948836,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1432820948562,"flow_last_seen":1432820948576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"midstream":0,"thread_ts_msec":1432820948576,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com","url":"www.google.com\/","code":0,"content_type":"","user_agent":"test"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820948836,"flow_last_seen":1432820948836,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820948836,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1432820948836,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820948836,"pkt":"ABoRAAACABoRAAABCABFAAA8DwhAAEAG\/NAKCAABrcJ3GJ4TAFBXrfy9AAAAAKACOQj5jgAAAgQFtAQCCAoABPO1AAAAAAEDAwQ="}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1432820948837,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948837,"pkt":"ABoRAAACABoRAAABCABFAAAoAAZAABAGO+etwncYCggAAQBQnhOoUgNCV638vlAS\/\/\/iigAA"}
00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1432820948844,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948844,"pkt":"ABoRAAACABoRAAABCABFAAAoDwlAAEAG\/OMKCAABrcJ3GJ4TAFBXrfy+qFIDQ1AQOQipgwAA"}
00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948836,"flow_last_seen":1432820948845,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432820948845,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com.br","url":"www.google.com.br\/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg","code":0,"content_type":"","user_agent":"test"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820949586,"flow_last_seen":1432820949586,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820949586,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1432820948836,"flow_last_seen":1432820948845,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":0,"thread_ts_msec":1432820948845,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com.br","url":"www.google.com.br\/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg","code":0,"content_type":"","user_agent":"test"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820949586,"flow_last_seen":1432820949586,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820949586,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1432820949586,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820949586,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGNX0AAAAAAAADdoAAUsHAACQAA=="}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1432820949685,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820949685,"pkt":"ABoRAAACABoRAAABCABFAAAsAAxAABARDWHIuYqSCggAARdwzCEAGAX1AAAAAAAADdoAAUsHAABgAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820949685,"flow_last_seen":1432820949685,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820949685,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820949685,"flow_last_seen":1432820949685,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820949685,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1432820949685,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820949685,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR6hwKCAAByLl94r76F3AAGKD\/AAAAAAAADdoAAZnTAACQAA=="}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1432820949735,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820949735,"pkt":"ABoRAAACABoRAAABCABFAAAsAA1AABARGhDIuX3iCggAARdwvvoAGND\/AAAAAAAADdoAAZnTAABgAA=="}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820949735,"flow_last_seen":1432820949735,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820949735,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820949735,"flow_last_seen":1432820949735,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820949735,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1432820949735,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820949735,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07IKCAAByMKUQ8lxF3AAGL5HAAAAAAAADdoAAlupAACQAA=="}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1432820949806,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820949806,"pkt":"ABoRAAACABoRAAABCABFAAAsAA5AABARA6XIwpRDCggAARdwyXEAGO5HAAAAAAAADdoAAlupAABgAA=="}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820949806,"flow_last_seen":1432820949806,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820949806,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820949806,"flow_last_seen":1432820949806,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820949806,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1432820949806,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820949806,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGGTWAAAAAAAADdoAAuOuAACQAA=="}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820950801,"flow_last_seen":1432820950801,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820950801,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820950801,"flow_last_seen":1432820950801,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820950801,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1432820950801,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820950801,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07MKCAAByMKUQqZ8F3AAGJCGAAAAAAAADdoABKxeAACQAA=="}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1432820950865,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820950865,"pkt":"ABoRAAACABoRAAABCABFAAAsAA9AABARA6XIwpRCCggAARdwpnwAGMCGAAAAAAAADdoABKxeAABgAA=="}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820950865,"flow_last_seen":1432820950865,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820950865,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820950865,"flow_last_seen":1432820950865,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820950865,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1432820950865,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820950865,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGGvdAAAAAAAADdoABM0IAACQAA=="}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1432820950935,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820950935,"pkt":"ABoRAAACABoRAAABCABFAAAsABBAABARA6LIwpRECggAARdwqnkAGJvdAAAAAAAADdoABM0IAABgAA=="}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820950935,"flow_last_seen":1432820950935,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820950935,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820950935,"flow_last_seen":1432820950935,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820950935,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1432820950935,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820950935,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLKfAAAAAAAADdoABbA\/AACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820951932,"flow_last_seen":1432820951932,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820951932,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820951932,"flow_last_seen":1432820951932,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820951932,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1432820951932,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820951932,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGJu8AAAAAAAADdoABbltAACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820952931,"flow_last_seen":1432820952931,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820952931,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820952931,"flow_last_seen":1432820952931,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820952931,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1432820952931,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820952931,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGDyZAAAAAAAADdoABeFcAACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820953931,"flow_last_seen":1432820953931,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820953931,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820953931,"flow_last_seen":1432820953931,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820953931,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1432820953931,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820953931,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGP9hAAAAAAAADdoABgTEAACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820954931,"flow_last_seen":1432820954931,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820954931,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820954931,"flow_last_seen":1432820954931,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820954931,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1432820954931,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820954931,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGAf9AAAAAAAADdoABloAAACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820955933,"flow_last_seen":1432820955933,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820955933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820955933,"flow_last_seen":1432820955933,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820955933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1432820955933,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820955933,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGNz1AAAAAAAADdoABltPAACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820956931,"flow_last_seen":1432820956931,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820956931,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820956931,"flow_last_seen":1432820956931,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820956931,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1432820956931,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820956931,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGMFvAAAAAAAADdoABnqLAACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820957932,"flow_last_seen":1432820957932,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820957932,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820957932,"flow_last_seen":1432820957932,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820957932,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1432820957932,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820957932,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGKK2AAAAAAAADdoABqTdAACQAA=="}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1432820957985,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820957985,"pkt":"ABoRAAACABoRAAABCABFAAAsABFAABARE6PIwoRCCggAARdwq8sAGNK2AAAAAAAADdoABqTdAABgAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820957985,"flow_last_seen":1432820957985,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820957985,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820957985,"flow_last_seen":1432820957985,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820957985,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1432820957985,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820957985,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGIZAAAAAAAAADdoABqZqAACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820958981,"flow_last_seen":1432820958981,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820958981,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820958981,"flow_last_seen":1432820958981,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820958981,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1432820958981,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820958981,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGEQwAAAAAAAADdoABxYcAACQAA=="}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1432820959035,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820959035,"pkt":"ABoRAAACABoRAAABCABFAAAsABJAABARE6HIwoRDCggAARdwmREAGHQwAAAAAAAADdoABxYcAABgAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820959035,"flow_last_seen":1432820959035,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820959035,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820959035,"flow_last_seen":1432820959035,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820959035,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1432820959035,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820959035,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGHB\/AAAAAAAADdoAB7TmAACQAA=="}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1432820959095,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820959095,"pkt":"ABoRAAACABoRAAABCABFAAAsABNAABARE5\/IwoRECggAARdwzfYAGKB\/AAAAAAAADdoAB7TmAABgAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820959095,"flow_last_seen":1432820959095,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820959095,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820959095,"flow_last_seen":1432820959095,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820959095,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1432820959095,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820959095,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGDoLAAAAAAAADdoAB90SAACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820960101,"flow_last_seen":1432820960101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820960101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820960101,"flow_last_seen":1432820960101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820960101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1432820960101,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820960101,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGBIjAAAAAAAADdoACAGNAACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820961101,"flow_last_seen":1432820961101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820961101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820961101,"flow_last_seen":1432820961101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820961101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1432820961101,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820961101,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGAmjAAAAAAAADdoACRl0AACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820962101,"flow_last_seen":1432820962101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820962101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820962101,"flow_last_seen":1432820962101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820962101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1432820962101,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820962101,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37MKCAAByMKIQo7IF3AAGEXvAAAAAAAADdoACRqlAACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820963101,"flow_last_seen":1432820963101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820963101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820963101,"flow_last_seen":1432820963101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820963101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1432820963101,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820963101,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37EKCAAByMKIRKueF3AAGMqYAAAAAAAADdoADHkgAACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820964101,"flow_last_seen":1432820964101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820964101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820964101,"flow_last_seen":1432820964101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820964101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1432820964101,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820964101,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bMKCAAByMKGQrjyF3AAGL1eAAAAAAAADdoADHsIAACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820965101,"flow_last_seen":1432820965101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820965101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820965101,"flow_last_seen":1432820965101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820965101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1432820965101,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820965101,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bEKCAAByMKGRObaF3AAGI6AAAAAAAAADdoADHv8AACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820966101,"flow_last_seen":1432820966101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820966101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820966101,"flow_last_seen":1432820966101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820966101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1432820966101,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820966101,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rIKCAAByMKVQ8P\/F3AAGKGGAAAAAAAADdoADHzSAACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820967101,"flow_last_seen":1432820967101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820967101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820967101,"flow_last_seen":1432820967101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820967101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1432820967101,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820967101,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rEKCAAByMKVRI7hF3AAGNXsAAAAAAAADdoADH2JAACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820968101,"flow_last_seen":1432820968101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820968101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820968101,"flow_last_seen":1432820968101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820968101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1432820968101,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820968101,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGIaLAAAAAAAADdoADH5fAACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820969101,"flow_last_seen":1432820969101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820969101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820969101,"flow_last_seen":1432820969101,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820969101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1432820969101,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820969101,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGKbHAAAAAAAADdoADrlDAACQAA=="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820970111,"flow_last_seen":1432820970111,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820970111,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820970111,"flow_last_seen":1432820970111,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820970111,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1432820970111,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820970111,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGJpnAAAAAAAADdoADrp0AACQAA=="}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1432820971111,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820971111,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGNRlAAAAAQAADdsAAUyUAACQAA=="}
00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949586,"flow_last_seen":1432820971175,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820971175,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1432820949586,"flow_last_seen":1432820971175,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432820971175,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1432820971175,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820971175,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR6hwKCAAByLl94r76F3AAGJ\/qAAAAAQAADdsAAZrmAACQAA=="}
00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949685,"flow_last_seen":1432820971265,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820971265,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1432820949685,"flow_last_seen":1432820971265,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432820971265,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1432820971265,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820971265,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07IKCAAByMKUQ8lxF3AAGL1RAAAAAQAADdsAAlydAACQAA=="}
00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949735,"flow_last_seen":1432820971335,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820971335,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1432820949735,"flow_last_seen":1432820971335,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432820971335,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1432820971335,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820971335,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07MKCAAByMKUQqZ8F3AAGKzSAAAAAQAADdsABZAPAACQAA=="}
00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820950801,"flow_last_seen":1432820971405,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820971405,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1432820950801,"flow_last_seen":1432820971405,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432820971405,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1432820971406,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820971406,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGJfzAAAAAQAADdsABqDuAACQAA=="}
00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820950865,"flow_last_seen":1432820971475,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820971475,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1432820950865,"flow_last_seen":1432820971475,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432820971475,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1432820971475,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820971475,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIJFAAAAAQAADdwAAsY8AACQAA=="}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1432820972471,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820972471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLwmAAAAAQAADdwABaa1AACQAA=="}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1432820973471,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820973471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGK1eAAAAAQAADdwABafIAACQAA=="}
@@ -95,12 +95,12 @@
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1432820977471,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820977471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPN5AAAAAQAADdwABkTIAACQAA=="}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1432820978471,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820978471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNEoAAAAAQAADdwABmrPAACQAA=="}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1432820979471,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820979471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGLWJAAAAAQAADdwABpIHAACQAA=="}
00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820957932,"flow_last_seen":1432820979565,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820979565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1432820957932,"flow_last_seen":1432820979565,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432820979565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1432820979565,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820979565,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJmsAAAAAQAADdwABpL7AACQAA=="}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1432820980561,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820980561,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGFMTAAAAAQAADdwABwc2AACQAA=="}
00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820958981,"flow_last_seen":1432820980615,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820980615,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1432820958981,"flow_last_seen":1432820980615,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432820980615,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1432820980615,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820980615,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGHylAAAAAQAADdwAB6i9AACQAA=="}
00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820959035,"flow_last_seen":1432820980685,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820980685,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1432820959035,"flow_last_seen":1432820980685,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432820980685,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1432820980685,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820980685,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGE3SAAAAAQAADdwAB8lIAACQAA=="}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1432820981681,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820981681,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGCMsAAAAAQAADdwAB\/CBAACQAA=="}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1432820982681,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820982681,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGCE7AAAAAQAADdwACQHZAACQAA=="}
@@ -134,58 +134,58 @@
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1432821011311,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432821011311,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGKMiAAAAAgAADd4ADGHCAACQAA=="}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1432821012311,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432821012311,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGLfNAAAAAgAADd4ADqg3AACQAA=="}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1432821013311,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432821013311,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGKtOAAAAAgAADd4ADqmHAACQAA=="}
00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949806,"flow_last_seen":1432821014655,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821014655,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820950935,"flow_last_seen":1432821015651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821015651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820951932,"flow_last_seen":1432821016651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821016651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820952931,"flow_last_seen":1432821017651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821017651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820953931,"flow_last_seen":1432821018651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821018651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820954931,"flow_last_seen":1432821019651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821019651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820955933,"flow_last_seen":1432821020651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821020651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820956931,"flow_last_seen":1432821021652,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821021652,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820957985,"flow_last_seen":1432821022695,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821022695,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820959095,"flow_last_seen":1432821023795,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821023795,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820960101,"flow_last_seen":1432821024791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821024791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820962101,"flow_last_seen":1432821025791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821025791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820961101,"flow_last_seen":1432821026791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821026791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820963101,"flow_last_seen":1432821027791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821027791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820964101,"flow_last_seen":1432821028791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821028791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820965101,"flow_last_seen":1432821029791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821029791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820966101,"flow_last_seen":1432821030791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821030791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820967101,"flow_last_seen":1432821031791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821031791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820968101,"flow_last_seen":1432821032791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821032791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820969101,"flow_last_seen":1432821033791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821033791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820970111,"flow_last_seen":1432821034791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821034791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820957985,"flow_last_seen":1432821044555,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820959035,"flow_last_seen":1432821045664,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949685,"flow_last_seen":1432821035985,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820955933,"flow_last_seen":1432821042151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820950801,"flow_last_seen":1432821036105,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820960101,"flow_last_seen":1432821024791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820962101,"flow_last_seen":1432821025791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1432820948836,"flow_last_seen":1432820949347,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2764,"flow_tot_l4_payload_len":9813,"flow_avg_l4_payload_len":700,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820965101,"flow_last_seen":1432821029791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820967101,"flow_last_seen":1432821031791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820961101,"flow_last_seen":1432821026791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820950935,"flow_last_seen":1432821037152,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820952931,"flow_last_seen":1432821039151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820964101,"flow_last_seen":1432821028791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820958981,"flow_last_seen":1432821045604,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820951932,"flow_last_seen":1432821038152,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949735,"flow_last_seen":1432821036045,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1432820948562,"flow_last_seen":1432820948767,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":648,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}}
00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820949806,"flow_last_seen":1432821036155,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820953931,"flow_last_seen":1432821040151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820969101,"flow_last_seen":1432821033791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820956931,"flow_last_seen":1432821043151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820968101,"flow_last_seen":1432821032791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820950865,"flow_last_seen":1432821036155,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949586,"flow_last_seen":1432821035895,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820959095,"flow_last_seen":1432821045664,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820963101,"flow_last_seen":1432821027791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820957932,"flow_last_seen":1432821044555,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820966101,"flow_last_seen":1432821030791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820954931,"flow_last_seen":1432821041151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820970111,"flow_last_seen":1432821034791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820949806,"flow_last_seen":1432821014655,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821014655,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820950935,"flow_last_seen":1432821015651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821015651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820951932,"flow_last_seen":1432821016651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821016651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820952931,"flow_last_seen":1432821017651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821017651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820953931,"flow_last_seen":1432821018651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821018651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820954931,"flow_last_seen":1432821019651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821019651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820955933,"flow_last_seen":1432821020651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821020651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820956931,"flow_last_seen":1432821021652,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821021652,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820957985,"flow_last_seen":1432821022695,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821022695,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820959095,"flow_last_seen":1432821023795,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821023795,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820960101,"flow_last_seen":1432821024791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821024791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820962101,"flow_last_seen":1432821025791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821025791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820961101,"flow_last_seen":1432821026791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821026791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820963101,"flow_last_seen":1432821027791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821027791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820964101,"flow_last_seen":1432821028791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821028791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820965101,"flow_last_seen":1432821029791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821029791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820966101,"flow_last_seen":1432821030791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821030791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820967101,"flow_last_seen":1432821031791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821031791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820968101,"flow_last_seen":1432821032791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821032791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820969101,"flow_last_seen":1432821033791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821033791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820970111,"flow_last_seen":1432821034791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821034791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1432820957985,"flow_last_seen":1432821044555,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1432820959035,"flow_last_seen":1432821045664,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1432820949685,"flow_last_seen":1432821035985,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1432820955933,"flow_last_seen":1432821042151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1432820950801,"flow_last_seen":1432821036105,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820960101,"flow_last_seen":1432821024791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820962101,"flow_last_seen":1432821025791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1432820948836,"flow_last_seen":1432820949347,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2764,"flow_tot_l4_payload_len":9813,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820965101,"flow_last_seen":1432821029791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820967101,"flow_last_seen":1432821031791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820961101,"flow_last_seen":1432821026791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1432820950935,"flow_last_seen":1432821037152,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1432820952931,"flow_last_seen":1432821039151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820964101,"flow_last_seen":1432821028791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1432820958981,"flow_last_seen":1432821045604,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1432820951932,"flow_last_seen":1432821038152,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1432820949735,"flow_last_seen":1432821036045,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1432820948562,"flow_last_seen":1432820948767,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":648,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1432820949806,"flow_last_seen":1432821036155,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1432820953931,"flow_last_seen":1432821040151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820969101,"flow_last_seen":1432821033791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1432820956931,"flow_last_seen":1432821043151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820968101,"flow_last_seen":1432821032791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1432820950865,"flow_last_seen":1432821036155,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1432820949586,"flow_last_seen":1432821035895,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1432820959095,"flow_last_seen":1432821045664,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820963101,"flow_last_seen":1432821027791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1432820957932,"flow_last_seen":1432821044555,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820966101,"flow_last_seen":1432821030791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1432820954931,"flow_last_seen":1432821041151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820970111,"flow_last_seen":1432821034791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","packets-captured":197,"packets-processed":197,"total-skipped-flows":0,"total-l4-payload-len":13245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":31,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":189,"global_ts_msec":1432821045664}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 197/197
@@ -195,10 +195,10 @@
~~ total active/idle flows...: 31/31
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6040725 bytes
~~ total memory freed........: 6040725 bytes
~~ total memory allocated....: 6040973 bytes
~~ total memory freed........: 6040973 bytes
~~ total allocations/frees...: 121201/121201
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 449 chars
~~ json string max len.......: 922 chars
~~ json string avg len.......: 685 chars
~~ json string max len.......: 928 chars
~~ json string avg len.......: 688 chars


@@ -1,35 +1,35 @@
00479{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1228468937630}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468937630,"flow_last_seen":1228468937630,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1228468937630,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468937630,"flow_last_seen":1228468937630,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"midstream":0,"thread_ts_msec":1228468937630,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1228468937630,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1228468937630,"pkt":"ABgYesP\/AAFbAAaHCABFAABJQq5AAEARunwKIygWChcBKguAC4AANST+IS8xIDxpTVNTPgpUPTU1NTI4MjcxM3tDPS17QVY9RFMvMS81e0FUe019fX19"}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468937630,"flow_last_seen":1228468937630,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1228468937630,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Megaco","breed":"Acceptable","category":"VoIP"}}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468937630,"flow_last_seen":1228468937630,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"midstream":0,"thread_ts_msec":1228468937630,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Megaco","breed":"Acceptable","category":"VoIP"}}
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1228468937631,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1228468937631,"pkt":"ABgYesP\/AAFbAAaHCABFAABJQq9AAEARunsKIygWChcBKguAC4AANSUAIS8xIDxpTVNTPgpUPTU1NTI4MjcxNHtDPSp7QVY9RFMvMS81e0FUe019fX19"}
00792{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1228468937633,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_msec":1228468937633,"pkt":"AAFbAAaHABgYesP\/CABFaAEWVmoAAD4R54sKFwEqCiMoFguAC4ABAnAeIS8xIFsxMC4yMy4xLjQyXToyOTQ0IFAgPSA1NTUyODI3MTN7IEMgPSAtIHthdj1kcy8xLzUgIHsgbSB7IHRzIHsgc2k9aXYsYmYgPSAgT0ZGICxFUklfVEVSTUlORk8vbGF3X2NvbnY9b2ZmICwgRVJJX1RFUk1JTkZPL2Rldl9zdGF0ZT1Ob3JtICwgRVJJX1RFUk1JTkZPL2Rldl90eXBlPUNFRTEgfSAsc3QgPSAwIHsgbyB7IG1vPWluLFRETUMvRUM9T04gLCBURE1DL0dBSU49MCxyZyA9ICBPRkYgLHJ2ID0gIE9GRiAgfSAgfSAgfSAgfSB9fQ=="}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468958651,"flow_last_seen":1228468958651,"flow_idle_time":200000,"flow_min_l4_payload_len":877,"flow_max_l4_payload_len":877,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":877,"midstream":0,"thread_ts_msec":1228468958651,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468958651,"flow_last_seen":1228468958651,"flow_idle_time":200000,"flow_min_l4_payload_len":877,"flow_max_l4_payload_len":877,"flow_tot_l4_payload_len":877,"midstream":0,"thread_ts_msec":1228468958651,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1228468958651,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":919,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":919,"pkt_l4_len":885,"thread_ts_msec":1228468958651,"pkt":"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"}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468958651,"flow_last_seen":1228468958651,"flow_idle_time":200000,"flow_min_l4_payload_len":877,"flow_max_l4_payload_len":877,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":877,"midstream":0,"thread_ts_msec":1228468958651,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468958651,"flow_last_seen":1228468958651,"flow_idle_time":200000,"flow_min_l4_payload_len":877,"flow_max_l4_payload_len":877,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":877,"midstream":0,"thread_ts_msec":1228468958651,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468958651,"flow_last_seen":1228468958651,"flow_idle_time":200000,"flow_min_l4_payload_len":877,"flow_max_l4_payload_len":877,"flow_tot_l4_payload_len":877,"midstream":0,"thread_ts_msec":1228468958651,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468958651,"flow_last_seen":1228468958651,"flow_idle_time":200000,"flow_min_l4_payload_len":877,"flow_max_l4_payload_len":877,"flow_tot_l4_payload_len":877,"midstream":0,"thread_ts_msec":1228468958651,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1228468958651,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":919,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":919,"pkt_l4_len":885,"thread_ts_msec":1228468958651,"pkt":"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"}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468958651,"flow_last_seen":1228468958651,"flow_idle_time":200000,"flow_min_l4_payload_len":877,"flow_max_l4_payload_len":877,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":877,"midstream":0,"thread_ts_msec":1228468958651,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468958651,"flow_last_seen":1228468958651,"flow_idle_time":200000,"flow_min_l4_payload_len":877,"flow_max_l4_payload_len":877,"flow_tot_l4_payload_len":877,"midstream":0,"thread_ts_msec":1228468958651,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1228468958652,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_msec":1228468958652,"pkt":"ABEKVkXQAAglAXLqCABFAAEiAABAAIARbNkKIzxkCiM8SBPEE8QBDiJNU0lQLzIuMCAxMDAgVHJ5aW5nDQpWaWE6IFNJUC8yLjAvVURQIDEwLjM1LjYwLjcyOjUwNjA7YnJhbmNoPXo5aEc0YksuaUlpSWlJLjBhMjMyODE5LmU5ZDRiZA0KVG86IDxzaXA6MDYxOTYzMTc3QGl0YWx0ZWwuaXQ7dXNlcj1waG9uZT4NCkZyb206IDxzaXA6dW5hdmFpbGFibGVAaG9zdHBvcnRpb24+O3RhZz0wMGU5ZDQ3OA0KQ2FsbC1JRDogMDBlOWQ0YTUwMGU5ZDQ4LTAwMTUtMDAwMS0wMDAwLTAwMDBAMTAuMzUuNDAuMjUNCkNTZXE6IDEgSU5WSVRFDQoNCg=="}
01628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1228468958653,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":919,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":919,"pkt_l4_len":885,"thread_ts_msec":1228468958653,"pkt":"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"}
00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468958657,"flow_last_seen":1228468958657,"flow_idle_time":200000,"flow_min_l4_payload_len":884,"flow_max_l4_payload_len":884,"flow_tot_l4_payload_len":884,"flow_avg_l4_payload_len":884,"midstream":0,"thread_ts_msec":1228468958657,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00614{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468958657,"flow_last_seen":1228468958657,"flow_idle_time":200000,"flow_min_l4_payload_len":884,"flow_max_l4_payload_len":884,"flow_tot_l4_payload_len":884,"midstream":0,"thread_ts_msec":1228468958657,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1228468958657,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":926,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":926,"pkt_l4_len":892,"thread_ts_msec":1228468958657,"pkt":"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"}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468958657,"flow_last_seen":1228468958657,"flow_idle_time":200000,"flow_min_l4_payload_len":884,"flow_max_l4_payload_len":884,"flow_tot_l4_payload_len":884,"flow_avg_l4_payload_len":884,"midstream":0,"thread_ts_msec":1228468958657,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468958657,"flow_last_seen":1228468958657,"flow_idle_time":200000,"flow_min_l4_payload_len":884,"flow_max_l4_payload_len":884,"flow_tot_l4_payload_len":884,"midstream":0,"thread_ts_msec":1228468958657,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1228468958657,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_msec":1228468958657,"pkt":"AAFbASs3ABEKVkXRCABFAAEild5AAEARPsYKIyjICiMoGRPEE8QBDkoYU0lQLzIuMCAxMDAgVHJ5aW5nDQpWaWE6IFNJUC8yLjAvVURQIDEwLjM1LjYwLjcyOjUwNjA7YnJhbmNoPXo5aEc0YksuaUlpSWlJLjBhMjMyODE5LmU5ZDRiZA0KVG86IDxzaXA6MDYxOTYzMTc3QGl0YWx0ZWwuaXQ7dXNlcj1waG9uZT4NCkZyb206IDxzaXA6dW5hdmFpbGFibGVAaG9zdHBvcnRpb24+O3RhZz0wMGU5ZDQ3OA0KQ2FsbC1JRDogMDBlOWQ0YTUwMGU5ZDQ4LTAwMTUtMDAwMS0wMDAwLTAwMDBAMTAuMzUuNDAuMjUNCkNTZXE6IDEgSU5WSVRFDQoNCg=="}
00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1228468958718,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":1228468958718,"pkt":"AAglAXLkABZGR+C\/CABFuAFFHeUAAD0RBJ7AqGTbioSpZRPEE8QBMRfZU0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiBTRDQ5MDk3MDEtOWZmMTFiZjcyZWI0YTM0N2M5Mjk3NGQ4ZmJiYzI2NjgtYW84bzNpMQ0KQ29udGVudC1MZW5ndGg6IDANCkNTZXE6IDEgSU5WSVRFDQpGcm9tOiA8c2lwOnVuYXZhaWxhYmxlQGhvc3Rwb3J0aW9uPjt0YWc9U0Q0OTA5NzAxLTAwZTlkNDc4DQpUbzogPHNpcDowNjE5NjMxNzdAaXRhbHRlbC5pdDt1c2VyPXBob25lPg0KVmlhOiBTSVAvMi4wL1VEUCAxMzguMTMyLjE2OS4xMDE6NTA2MDticmFuY2g9ejloRzRiS2Z2MmY0MDEwNzg3aDNhOHExMjgwLjENCg0K"}
01029{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1228468958819,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":469,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":469,"pkt_l4_len":435,"thread_ts_msec":1228468958819,"pkt":"AAglAXLkABZGR+C\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"}
01052{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1228468958820,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":488,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":488,"pkt_l4_len":454,"thread_ts_msec":1228468958820,"pkt":"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"}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468965434,"flow_last_seen":1228468965434,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1228468965434,"l3_proto":"ip4","src_ip":"10.35.60.100","dst_ip":"10.23.1.52","src_port":15580,"dst_port":16756,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468965434,"flow_last_seen":1228468965434,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"midstream":0,"thread_ts_msec":1228468965434,"l3_proto":"ip4","src_ip":"10.35.60.100","dst_ip":"10.23.1.52","src_port":15580,"dst_port":16756,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1228468965434,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1228468965434,"pkt":"ABgYesP\/AAglAXLqCABFuADIHecAAD0RDLUKIzxkChcBNDzcQXQAtEC7gAgAAGfPFaAOrw6v1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1Q=="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468965434,"flow_last_seen":1228468965434,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1228468965434,"l3_proto":"ip4","src_ip":"10.35.60.100","dst_ip":"10.23.1.52","src_port":15580,"dst_port":16756,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468965434,"flow_last_seen":1228468965434,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"midstream":0,"thread_ts_msec":1228468965434,"l3_proto":"ip4","src_ip":"10.35.60.100","dst_ip":"10.23.1.52","src_port":15580,"dst_port":16756,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1228468965455,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1228468965455,"pkt":"ABgYesP\/AAglAXLqCABFuADIHegAAD0RDLQKIzxkChcBNDzcQXQAtEAagAgAAWfPFkAOrw6v1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1Q=="}
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1228468965474,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1228468965474,"pkt":"ABgYesP\/AAglAXLqCABFuADIHekAAD0RDLMKIzxkChcBNDzcQXQAtD95gAgAAmfPFuAOrw6v1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1Q=="}
00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6995,"flow_first_seen":1228468965434,"flow_last_seen":1228469042419,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":1100399,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"10.35.60.100","dst_ip":"10.23.1.52","src_port":15580,"dst_port":16756,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":130,"flow_first_seen":1228468937630,"flow_last_seen":1228469046884,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":541,"flow_tot_l4_payload_len":18110,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Megaco","breed":"Acceptable","category":"VoIP"}}
00708{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1228468958657,"flow_last_seen":1228469042442,"flow_idle_time":200000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":884,"flow_tot_l4_payload_len":12177,"flow_avg_l4_payload_len":529,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1228468958651,"flow_last_seen":1228469042445,"flow_idle_time":200000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":881,"flow_tot_l4_payload_len":24540,"flow_avg_l4_payload_len":533,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1228468958651,"flow_last_seen":1228469042444,"flow_idle_time":200000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":881,"flow_tot_l4_payload_len":12270,"flow_avg_l4_payload_len":533,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":3848,"flow_dst_packets_processed":3147,"flow_first_seen":1228468965434,"flow_last_seen":1228469042419,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":1100399,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"10.35.60.100","dst_ip":"10.23.1.52","src_port":15580,"dst_port":16756,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":65,"flow_dst_packets_processed":65,"flow_first_seen":1228468937630,"flow_last_seen":1228469046884,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":541,"flow_tot_l4_payload_len":18110,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Megaco","breed":"Acceptable","category":"VoIP"}}
00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1228468958657,"flow_last_seen":1228469042442,"flow_idle_time":200000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":884,"flow_tot_l4_payload_len":12177,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":24,"flow_first_seen":1228468958651,"flow_last_seen":1228469042445,"flow_idle_time":200000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":881,"flow_tot_l4_payload_len":24540,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1228468958651,"flow_last_seen":1228469042444,"flow_idle_time":200000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":881,"flow_tot_l4_payload_len":12270,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00586{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","packets-captured":7217,"packets-processed":7217,"total-skipped-flows":0,"total-l4-payload-len":1167496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_msec":1228469046884}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 7217/7217
@@ -39,8 +39,8 @@
~~ total active/idle flows...: 5/5
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6216610 bytes
~~ total memory freed........: 6216610 bytes
~~ total memory allocated....: 6216650 bytes
~~ total memory freed........: 6216650 bytes
~~ total allocations/frees...: 128109/128109
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 484 chars


@@ -1,17 +1,17 @@
00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"IEC104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1317629088495}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317629088495,"flow_last_seen":1317629088495,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1317629088495,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317629088495,"flow_last_seen":1317629088495,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1317629088495,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1317629088495,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1317629088495,"pkt":"eCvLK7lWABIAxkrACABFAAAoUqRAAH0GWeoKr9MBCndpGglk1fBIoLt3AFkTVVAQ\/elpjgAAAAAAAAAA"}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317629088520,"flow_last_seen":1317629088520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1317629088520,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317629088520,"flow_last_seen":1317629088520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1317629088520,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1317629088520,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1317629088520,"pkt":"eCvLK7lWABIAxkrACABFAAAoSx9AAH0GYW0Kr9MDCndpGglk1fFZgPwe3z\/\/ZlAQ+y9PxQAAAAAAAAAA"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1317629088532,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1317629088532,"pkt":"eCvLK7lWABIAxkrACABFAAAuUsZAAH0GWcIKr9MBCndpGglk1fBIoLt3AFkTVVAY\/em9wgAAaAQBAEK5"}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088495,"flow_last_seen":1317629088532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1317629088532,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1317629088495,"flow_last_seen":1317629088532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"midstream":1,"thread_ts_msec":1317629088532,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1317629088536,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1317629088536,"pkt":"eCvLK7lWABIAxkrACABFAAAuSyRAAH0GYWIKr9MDCndpGglk1fFZgPwe3z\/\/ZlAY+y+j+QAAaAQBAEK5"}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088520,"flow_last_seen":1317629088536,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1317629088536,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1317629088520,"flow_last_seen":1317629088536,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"midstream":1,"thread_ts_msec":1317629088536,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1317629088731,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1317629088731,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9JAAIAGAAAKd2kaCq\/TAdXwCWQAWRNVSKC7fVAQAP5RXAAA"}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1317629088739,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1317629088739,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9tAAIAGAAAKd2kaCq\/TA9XxCWTfP\/9mWYD8JFAQAP5RXgAA"}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1317629088495,"flow_last_seen":1317629090498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":603,"flow_avg_l4_payload_len":50,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1317629088520,"flow_last_seen":1317629088739,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1317629088495,"flow_last_seen":1317629090498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":603,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1317629088520,"flow_last_seen":1317629088739,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1317629090498}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 15/15
@@ -21,10 +21,10 @@
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6004572 bytes
~~ total memory freed........: 6004572 bytes
~~ total memory allocated....: 6004588 bytes
~~ total memory freed........: 6004588 bytes
~~ total allocations/frees...: 120895/120895
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 453 chars
~~ json string max len.......: 691 chars
~~ json string avg len.......: 569 chars
~~ json string max len.......: 696 chars
~~ json string avg len.......: 571 chars


@@ -1,238 +1,238 @@
00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1430069021959}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069021959,"flow_last_seen":1430069021959,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1430069021959,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069021959,"flow_last_seen":1430069021959,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"midstream":0,"thread_ts_msec":1430069021959,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1430069021959,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069021959,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwAAEAAQBHSIAoYUrwKvAEBljAANQAogKaG7QEAAAEAAAAAAAAEYXV0aAVrYWthbwNjb20AAAEAAQ=="}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069021959,"flow_last_seen":1430069021959,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1430069021959,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022006,"flow_last_seen":1430069022006,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069022006,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069021959,"flow_last_seen":1430069021959,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"midstream":0,"thread_ts_msec":1430069021959,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022006,"flow_last_seen":1430069022006,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069022006,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1430069022006,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":79,"pkt_l4_len":43,"thread_ts_msec":1430069022006,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD8AAEAAQBHSHQoYUrwKvAEBixMANQArGNJpegEAAAEAAAAAAAAHYWMtdGFsawVrYWthbwNjb20AAAEAAQ=="}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022006,"flow_last_seen":1430069022006,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069022006,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022007,"flow_last_seen":1430069022007,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069022007,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022006,"flow_last_seen":1430069022006,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069022006,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022007,"flow_last_seen":1430069022007,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069022007,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1430069022007,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":78,"pkt_l4_len":42,"thread_ts_msec":1430069022007,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD4AAEAAQBHSHgoYUrwKvAEB4dgANQAqGG9RAgEAAAEAAAAAAAAGa2F0YWxrBWtha2FvA2NvbQAAAQAB"}
00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022007,"flow_last_seen":1430069022007,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069022007,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022007,"flow_last_seen":1430069022007,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069022007,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1430069022041,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":136,"pkt_l4_len":100,"thread_ts_msec":1430069022041,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHgb0gAANREBEwq8AQEKGFK8ADWLEwBk4PlpeoGAAAEAAwAAAAAHYWMtdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAABZUADQdhYy10YWxrAmdswBTALwABAAEAAACbAARuTI1wwC8AAQABAAAAmwAEAckAJw=="}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1430069022041,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.112"}}
00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":127,"midstream":0,"thread_ts_msec":1430069022041,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.112"}}
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1430069022041,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":114,"pkt_l4_len":78,"thread_ts_msec":1430069022041,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGIb0wAANREBKAq8AQEKGFK8ADWWMABOrZ2G7YGAAAEAAgAAAAAEYXV0aAVrYWthbwNjb20AAAEAAcAMAAUAAQAABccACgRhdXRoAmdswBHALAABAAEAAABWAATSZ\/AP"}
00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1430069022041,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"midstream":0,"thread_ts_msec":1430069022041,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1430069022042,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":166,"pkt_l4_len":130,"thread_ts_msec":1430069022042,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAJbtdwAANREvTwq8AQEKGFK8ADXh2ACCeK5RAoGAAAEABQAAAAAGa2F0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAD9AAMBmthdGFsawJnbMATwC4AAQABAAAAegAEbkyOIsAuAAEAAQAAAHoABAHJAD3ALgABAAEAAAB6AAQByQA\/wC4AAQABAAAAegAEbkyNJQ=="}
00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069022042,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.34"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022058,"flow_last_seen":1430069022058,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1430069022058,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"midstream":0,"thread_ts_msec":1430069022042,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.34"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022058,"flow_last_seen":1430069022058,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1430069022058,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1430069022058,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":84,"pkt_l4_len":48,"thread_ts_msec":1430069022058,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEQAAEAAQBHSGAoYUrwKvAEBo7UANQAwrR37RAEAAAEAAAAAAAAHYm9va2luZwRsb2NvBWtha2FvA2NvbQAAAQAB"}
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022058,"flow_last_seen":1430069022058,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1430069022058,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022058,"flow_last_seen":1430069022058,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1430069022058,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1430069022059,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069022059,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBMmwANQAtbIX3UQEAAAEAAAAAAAAEdXAtbQR0YWxrBWtha2FvA2NvbQAAAQAB"}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"midstream":0,"thread_ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1430069022059,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069022059,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwAAEAAQBHSIAoYUrwKvAEB5boANQAoZpVNewEAAAEAAAAAAAAEaXRlbQVrYWthbwNjb20AAAEAAQ=="}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"midstream":0,"thread_ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1430069022093,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":114,"pkt_l4_len":78,"thread_ts_msec":1430069022093,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGIb1QAANREBJgq8AQEKGFK8ADXlugBOjwdNe4GAAAEAAgAAAAAEaXRlbQVrYWthbwNjb20AAAEAAcAMAAUAAQAABdUACgRpdGVtAmdswBHALAABAAEAAADUAATSZ\/AP"}
00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1430069022093,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"midstream":0,"thread_ts_msec":1430069022093,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1430069022094,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"thread_ts_msec":1430069022094,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGzteAAANREveAq8AQEKGFK8ADUybABYuHj3UYGAAAEAAgAAAAAEdXAtbQR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAD8wAPBHVwLW0EdGFsawJnbMAWwDEAAQABAAAAeAAE0mfwEA=="}
00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069022094,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"midstream":0,"thread_ts_msec":1430069022094,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1430069022094,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"thread_ts_msec":1430069022094,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHLteQAANREvcQq8AQEKGFK8ADWjtQBeT7D7RIGAAAEAAgAAAAAHYm9va2luZwRsb2NvBWtha2FvA2NvbQAAAQABwAwABQABAAAD8wASB2Jvb2tpbmcEbG9jbwJnbMAZwDQAAQABAAAAeAAEbkyOfQ=="}
00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1430069022094,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.125"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022100,"flow_last_seen":1430069022100,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022100,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"midstream":0,"thread_ts_msec":1430069022094,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.125"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022100,"flow_last_seen":1430069022100,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022100,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1430069022100,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069022100,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBFykANQAtVi4l7AEAAAEAAAAAAAAEdXAtcAR0YWxrBWtha2FvA2NvbQAAAQAB"}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022100,"flow_last_seen":1430069022100,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022100,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022104,"flow_last_seen":1430069022104,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022104,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022100,"flow_last_seen":1430069022100,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022100,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022104,"flow_last_seen":1430069022104,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022104,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1430069022104,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069022104,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBI4YANQAt2SeQlQEAAAEAAAAAAAAEdXAtdgR0YWxrBWtha2FvA2NvbQAAAQAB"}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022104,"flow_last_seen":1430069022104,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022104,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022105,"flow_last_seen":1430069022105,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022105,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022104,"flow_last_seen":1430069022104,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022104,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022105,"flow_last_seen":1430069022105,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022105,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1430069022105,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069022105,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEB3fQANQAtU9dudwEAAAEAAAAAAAAEdXAtYwR0YWxrBWtha2FvA2NvbQAAAQAB"}
00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022105,"flow_last_seen":1430069022105,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022105,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022105,"flow_last_seen":1430069022105,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022105,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1430069022234,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"thread_ts_msec":1430069022234,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGwb1gAANREBGwq8AQEKGFK8ADUXKQBYAAol7IGAAAEAAgAAAAAEdXAtcAR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAFlQAPBHVwLXAEdGFsawJnbMAWwDEAAQABAAAAiwAE0mfwEA=="}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"midstream":0,"thread_ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1430069022234,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"thread_ts_msec":1430069022234,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGwb1wAANREBGgq8AQEKGFK8ADUjhgBYgN2QlYGAAAEAAgAAAAAEdXAtdgR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAFlwAPBHVwLXYEdGFsawJnbMAWwDEAAQABAAAAqwAE0mfwEA=="}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"midstream":0,"thread_ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1430069022234,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"thread_ts_msec":1430069022234,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGztegAANREvdgq8AQEKGFK8ADXd9ABYZqtud4GAAAEAAgAAAAAEdXAtYwR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAD8wAPBHVwLWMEdGFsawJnbMAWwDEAAQABAAAAeAAEbkyNVQ=="}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.85"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022249,"flow_last_seen":1430069022249,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022249,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"midstream":0,"thread_ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.85"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022249,"flow_last_seen":1430069022249,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022249,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1430069022249,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069022249,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBcWUANQAtiQin1QEAAAEAAAAAAAAEdXAtYQR0YWxrBWtha2FvA2NvbQAAAQAB"}
00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022249,"flow_last_seen":1430069022249,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022249,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022249,"flow_last_seen":1430069022249,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022249,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"midstream":0,"thread_ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1430069022252,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":82,"pkt_l4_len":46,"thread_ts_msec":1430069022252,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEIAAEAAQBHSGgoYUrwKvAEBYh0ANQAu\/udwlQEAAAEAAAAAAAAFdXAtZ3AEdGFsawVrYWthbwNjb20AAAEAAQ=="}
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"midstream":0,"thread_ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1430069022252,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069022252,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBqEUANQAtOYa3iAEAAAEAAAAAAAAEZG4tbAR0YWxrBWtha2FvA2NvbQAAAQAB"}
00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1430069022282,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"thread_ts_msec":1430069022282,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGwb2AAANREBGQq8AQEKGFK8ADVxZQBYBjqn1YGAAAEAAgAAAAAEdXAtYQR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAFwgAPBHVwLWEEdGFsawJnbMAWwDEAAQABAAAARAAE0mfwEA=="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069022282,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"midstream":0,"thread_ts_msec":1430069022282,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1430069022295,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":97,"pkt_l4_len":61,"thread_ts_msec":1430069022295,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAFHtewAANREvkAq8AQEKGFK8ADWoRQA9yiS3iIGAAAEAAQAAAAAEZG4tbAR0YWxrBWtha2FvA2NvbQAAAQABwAwAAQABAAAEOQAEbkyNVg=="}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1430069022295,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.86"}}
00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1430069022295,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.86"}}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1430069022295,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":126,"pkt_l4_len":90,"thread_ts_msec":1430069022295,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAG4b2QAANREBFgq8AQEKGFK8ADViHQBaJnpwlYGAAAEAAgAAAAAFdXAtZ3AEdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAABasAEAV1cC1ncAR0YWxrAmdswBfAMgABAAEAAACsAARuTI0a"}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1430069022295,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.26"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022297,"flow_last_seen":1430069022297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069022297,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"midstream":0,"thread_ts_msec":1430069022295,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.26"}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069022297,"flow_last_seen":1430069022297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069022297,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1430069022297,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069022297,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzzVkAAPwZJoAoYUrxn9jn7x00fkMsN9JkAAAAAoAI5CGIPAAACBAV4BAIICgALB88AAAAAAQMDBw=="}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1430069022411,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069022411,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQZO92f2OfsKGFK8H5DHTSs\/AzbLDfSaoBIWoGVTAAACBAV4BAIICpj2V6UACwfPAQMDCQ=="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1430069022419,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069022419,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzV0AAPwZJpwoYUrxn9jn7x00fkMsN9JorPwM3gBAAc6oGAAABAQgKAAsH25j2V6U="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069026012,"flow_last_seen":1430069026012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069026012,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069026012,"flow_last_seen":1430069026012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069026012,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1430069026012,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069026012,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq7kAArAYRrNg63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1430069026058,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069026058,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgAAEAAPwYptwoYUrzYOt0KjFIAUEM35dFioucAUBA+dl\/2AAA="}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1430069026148,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069026148,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq70AArQYQq9g63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069026370,"flow_last_seen":1430069026370,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069026370,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069026370,"flow_last_seen":1430069026370,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069026370,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1430069026370,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069026370,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzmtkAAPwbpMgoYUryt\/GECiq8Bu\/wa79AAAAAAoAI5CCGaAAACBAV4BAIICgALCWYAAAAAAQMDBw=="}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1430069027366,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069027366,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzmt0AAPwbpMQoYUryt\/GECiq8Bu\/wa79AAAAAAoAI5CCE2AAACBAV4BAIICgALCcoAAAAAAQMDBw=="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1430069027408,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069027408,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACyOBEAA+AaI9K38YQIKGFK8AbuKr2Aiq0X8Gu\/RYBIRHJekAAACBAV4"}
00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069026370,"flow_last_seen":1430069027422,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069027422,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069028075,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1430069026370,"flow_last_seen":1430069027422,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"midstream":0,"thread_ts_msec":1430069027422,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069028075,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1430069028075,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069028075,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgUEEAA+AZ+3XgcGvIKGFK8AFCGx0Ds0yKXy0vyUBQAAEEKAAA="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1430069030083,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069030083,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEB7lMANQAt50i5OgEAAAEAAAAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQAB"}
00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1430069030083,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069030083,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBEUGwoYUrwKvL8B7lMANQAtKUi5OgEAAAEAAAAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQAB"}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1430069030115,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":119,"pkt_l4_len":83,"thread_ts_msec":1430069030115,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGccBgAANREA8Aq8AQEKGFK8ADXuUwBTwyO5OoGAAAEAAgAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAHYwAKBHBsdXMCZ2zAFsAxAAEAAQAAAQkABNJn8A8="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069030115,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"midstream":0,"thread_ts_msec":1430069030115,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1430069030119,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":119,"pkt_l4_len":83,"thread_ts_msec":1430069030119,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGf90QAANRFhIwq8vwEKGFK8ADXuUwBTEye5OoGAAAEAAgAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAADlQAKBHBsdXMCZ2zAFsAxAAEAAQAAAMkABNJn8A8="}
00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":140000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":3}
00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"midstream":0,"thread_ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":140000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"midstream":0,"thread_ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":3}
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1430069030119,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":147,"pkt_l4_len":111,"thread_ts_msec":1430069030119,"pkt":"AAQCEgAAAAAAAAAAAAAIAEXAAIMZuAAAQAE5cQoYUrwKvL8BAwMj8wAAAABFAABn\/dEAADURYSMKvL8BChhSvAA17lMAUxMnuTqBgAABAAIAAAAACXBsdXMtdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAAA5UACgRwbHVzAmdswBbAMQABAAEAAADJAATSZ\/AP"}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":140000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.755603}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030121,"flow_last_seen":1430069030121,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":140000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"midstream":0,"thread_ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.755603}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030121,"flow_last_seen":1430069030121,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1430069030121,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030121,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwrfUAAPwbw8woYUrzSZ\/APk70Bu6\/qIaMAAAAAoAI5CH35AAACBAV4BAIICgALCt4AAAAAAQMDBw=="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1430069030159,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069030159,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwUQ0AA+AZPPdJn8A8KGFK8AbuTvWC6rQuv6iGkYBIRHPMdAAACBAV4"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1430069030162,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030162,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrfkAAPwbxBgoYUrzSZ\/APk70Bu6\/qIaRguq0MUBA5COKyAAA="}
00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030121,"flow_last_seen":1430069030171,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069030171,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01085{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069030121,"flow_last_seen":1430069030296,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1496,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1430069030296,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
01341{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069030121,"flow_last_seen":1430069030336,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3736,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1430069030336,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.kakao.com","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Thawte, Inc., CN=Thawte SSL CA","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com","fingerprint":"0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030508,"flow_last_seen":1430069030508,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030508,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069030121,"flow_last_seen":1430069030171,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":0,"thread_ts_msec":1430069030171,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01090{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069030121,"flow_last_seen":1430069030296,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1496,"midstream":0,"thread_ts_msec":1430069030296,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
01345{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1430069030121,"flow_last_seen":1430069030336,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3736,"midstream":0,"thread_ts_msec":1430069030336,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.kakao.com","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Thawte, Inc., CN=Thawte SSL CA","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com","fingerprint":"0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030508,"flow_last_seen":1430069030508,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030508,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1430069030508,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030508,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADz6+UAAPwaAjQoYUrwfDURUkrEAUI6+8f0AAAAAoAI5CDAyAAACBAV4BAIICgALCwQAAAAAAQMDBw=="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1430069030549,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069030549,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy6BkAA+AYIkB8NRFQKGFK8AFCSsWQ58S+OvvH+YBIRHF3ZAAACBAV4"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1430069030552,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030552,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACj6+kAAPwaAoAoYUrwfDURUkrEAUI6+8f5kOfEwUBA5CE1uAAA="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030557,"flow_last_seen":1430069030557,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069030557,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030557,"flow_last_seen":1430069030557,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069030557,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1430069030557,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069030557,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAEMbkEAAjgYQ+x8NREkKGFK8Abu3n2dAc1oKhoE3UBigBOCLAAAVAwEAFgdiLTjhEFi+7He1g59CCs5hRzaz7rI="}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030557,"flow_last_seen":1430069030557,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069030557,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030557,"flow_last_seen":1430069030557,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069030557,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1430069030557,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030557,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgOyEAAQAZr3goYUrwfDURJt58BuwqGgTdnQHN1UBBuKMBEAAA="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1430069030557,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030557,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgbkUAAjgYRFR8NREkKGFK8Abu3n2dAc3UKhoE3UBGgBC\/XAAA="}
00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030508,"flow_last_seen":1430069030600,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069030600,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030703,"flow_last_seen":1430069030703,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069030703,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069030508,"flow_last_seen":1430069030600,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"midstream":0,"thread_ts_msec":1430069030600,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030703,"flow_last_seen":1430069030703,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069030703,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1430069030703,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":78,"pkt_l4_len":42,"thread_ts_msec":1430069030703,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD4AAEAAQBHSHgoYUrwKvAEBYBQANQAqICQnwAEAAAEAAAAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQAB"}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030703,"flow_last_seen":1430069030703,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069030703,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069026370,"flow_last_seen":1430069030731,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1430069030731,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
01792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1430069026370,"flow_last_seen":1430069030740,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3915,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1430069030740,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030703,"flow_last_seen":1430069030703,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069030703,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1430069026370,"flow_last_seen":1430069030731,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1648,"midstream":0,"thread_ts_msec":1430069030731,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
01796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1430069026370,"flow_last_seen":1430069030740,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3915,"midstream":0,"thread_ts_msec":1430069030740,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1430069030748,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":118,"pkt_l4_len":82,"thread_ts_msec":1430069030748,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGbtpgAANREvUAq8AQEKGFK8ADVgFABSeRsnwIGAAAEAAgAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQABwAwABQABAAAD6wAMBHN0YXIEYzEwcsAQwC4AAQABAAAACQAEHw1EVA=="}
00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069030748,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030751,"flow_last_seen":1430069030751,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030751,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"midstream":0,"thread_ts_msec":1430069030748,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030751,"flow_last_seen":1430069030751,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030751,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1430069030751,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030751,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwzN0AAPwZIUAoYUrwfDURUsJkBu9qbOCoAAAAAoAI5CH68AAACBAV4BAIICgALCx0AAAAAAQMDBw=="}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1430069030835,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030835,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAAjgYshx8NRFQKGFK8AbuwmcDC6aramzgroBKpsCsUAAACBAV4BAIICqKRlfAACwsdAQMDBg=="}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1430069030839,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069030839,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQzOEAAPwZIVwoYUrwfDURUsJkBu9qbOCvAwumrgBAAcwLZAAABAQgKAAsLJaKRlfA="}
00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030751,"flow_last_seen":1430069030840,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":563,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1430069030840,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030978,"flow_last_seen":1430069030978,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069030978,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00979{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069030751,"flow_last_seen":1430069030840,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":563,"flow_tot_l4_payload_len":563,"midstream":0,"thread_ts_msec":1430069030840,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030978,"flow_last_seen":1430069030978,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069030978,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1430069030978,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":80,"pkt_l4_len":44,"thread_ts_msec":1430069030978,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEAAAEAAQBHSHAoYUrwKvAEBTH4ANQAsPIiqhwEAAAEAAAAAAAAFZ3JhcGgIZmFjZWJvb2sDY29tAAABAAE="}
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030978,"flow_last_seen":1430069030978,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069030978,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01032{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069030751,"flow_last_seen":1430069031001,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1951,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1430069031001,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
01822{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069030751,"flow_last_seen":1430069031013,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1430069031013,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030978,"flow_last_seen":1430069030978,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069030978,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01037{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1430069030751,"flow_last_seen":1430069031001,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1951,"midstream":0,"thread_ts_msec":1430069031001,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
01826{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1430069030751,"flow_last_seen":1430069031013,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4134,"midstream":0,"thread_ts_msec":1430069031013,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1430069031017,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":138,"pkt_l4_len":102,"thread_ts_msec":1430069031017,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHocCwAANREA2Aq8AQEKGFK8ADVMfgBmmjSqh4GAAAEAAwAAAAAFZ3JhcGgIZmFjZWJvb2sDY29tAAABAAHADAAFAAEAAAVxAAYDYXBpwBLAMAAFAAEAAAV2AAwEc3RhcgRjMTBywBLAQgABAAEAAAARAAQfDURG"}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1430069031017,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.70"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031042,"flow_last_seen":1430069031042,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069031042,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"midstream":0,"thread_ts_msec":1430069031017,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.70"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069031042,"flow_last_seen":1430069031042,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069031042,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1430069031042,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069031042,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADx6qUAAPwYA7AoYUrwfDURGqj0Bu4p9cZMAAAAAoAI5CJu+AAACBAV4BAIICgALCzoAAAAAAQMDBw=="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1430069031079,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069031079,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwwtUAA+AaR7x8NREYKGFK8AbuqPWAZ05aKfXGUYBIRHOtUAAACBAV4"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1430069031083,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069031083,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACh6qkAAPwYA\/woYUrwfDURGqj0Bu4p9cZRgGdOXUBA5CNrpAAA="}
00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031042,"flow_last_seen":1430069031083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":565,"flow_tot_l4_payload_len":565,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1430069031083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031167,"flow_last_seen":1430069031167,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1430069031167,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00981{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069031042,"flow_last_seen":1430069031083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":565,"flow_tot_l4_payload_len":565,"midstream":0,"thread_ts_msec":1430069031083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069031167,"flow_last_seen":1430069031167,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"midstream":0,"thread_ts_msec":1430069031167,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1430069031167,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":85,"pkt_l4_len":49,"thread_ts_msec":1430069031167,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEUAAEAAQBHSFwoYUrwKvAEBD7EANQAxznCJ\/wEAAAEAAAAAAAAKZGV2ZWxvcGVycwhmYWNlYm9vawNjb20AAAEAAQ=="}
00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031167,"flow_last_seen":1430069031167,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1430069031167,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01034{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031042,"flow_last_seen":1430069031203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1845,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1430069031203,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
01824{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1430069031042,"flow_last_seen":1430069031220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4136,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1430069031220,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069031167,"flow_last_seen":1430069031167,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"midstream":0,"thread_ts_msec":1430069031167,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01039{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069031042,"flow_last_seen":1430069031203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1845,"midstream":0,"thread_ts_msec":1430069031203,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
01828{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1430069031042,"flow_last_seen":1430069031220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4136,"midstream":0,"thread_ts_msec":1430069031220,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1430069031221,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":144,"pkt_l4_len":108,"thread_ts_msec":1430069031221,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAIDtrgAANREvLgq8AQEKGFK8ADUPsQBsjjKJ\/4GAAAEAAwAAAAAKZGV2ZWxvcGVycwhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAAA+oABwRzdGFywBfANQAFAAEAAAPqAAwEc3RhcgRjMTBywBfASAABAAEAAAAIAAQfDURU"}
00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":139,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1430069031221,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031230,"flow_last_seen":1430069031230,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1430069031230,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":139,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"midstream":0,"thread_ts_msec":1430069031221,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069031230,"flow_last_seen":1430069031230,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"midstream":0,"thread_ts_msec":1430069031230,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1430069031230,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":87,"pkt_l4_len":51,"thread_ts_msec":1430069031230,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEcAAEAAQBHSFQoYUrwKvAEBOToANQAzWvOyogEAAAEAAAAAAAABMgI5NwMyNTIDMTczB2luLWFkZHIEYXJwYQAADAAB"}
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031230,"flow_last_seen":1430069031230,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1430069031230,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031236,"flow_last_seen":1430069031236,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069031236,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069031230,"flow_last_seen":1430069031230,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"midstream":0,"thread_ts_msec":1430069031230,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069031236,"flow_last_seen":1430069031236,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069031236,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1430069031236,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069031236,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxjDkAAPwYYeQoYUrwfDURUsJsBu8tPaEMAAAAAoAI5CF29AAACBAV4BAIICgALC00AAAAAAQMDBw=="}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1430069031281,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"thread_ts_msec":1430069031281,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHLtrwAANREvOwq8AQEKGFK8ADU5OgBeI2eyooGAAAEAAQAAAAABMgI5NwMyNTIDMTczB2luLWFkZHIEYXJwYQAADAABwAwADAABAAAEYQAfEG1xdHQtc2h2LTE0LWZyYzEIZmFjZWJvb2sDY29tAA=="}
00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1430069031281,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"midstream":0,"thread_ts_msec":1430069031281,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1430069031281,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069031281,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACw2WEAA+AaMPh8NRFQKGFK8Abuwm2JwnlDLT2hEYBIRHOBVAAACBAV4"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1430069031284,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069031284,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChjD0AAPwYYjAoYUrwfDURUsJsBu8tPaERicJ5RUBA5CM\/qAAA="}
00981{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031236,"flow_last_seen":1430069031286,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":570,"flow_tot_l4_payload_len":570,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1430069031286,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01039{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031236,"flow_last_seen":1430069031391,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1850,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1430069031391,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
01829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069031236,"flow_last_seen":1430069031408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4141,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1430069031408,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031611,"flow_last_seen":1430069031611,"flow_idle_time":7580000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":1,"thread_ts_msec":1430069031611,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00986{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069031236,"flow_last_seen":1430069031286,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":570,"flow_tot_l4_payload_len":570,"midstream":0,"thread_ts_msec":1430069031286,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01044{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069031236,"flow_last_seen":1430069031391,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1850,"midstream":0,"thread_ts_msec":1430069031391,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
01833{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1430069031236,"flow_last_seen":1430069031408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4141,"midstream":0,"thread_ts_msec":1430069031408,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069031611,"flow_last_seen":1430069031611,"flow_idle_time":7580000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"midstream":1,"thread_ts_msec":1430069031611,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1430069031611,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":113,"pkt_l4_len":77,"thread_ts_msec":1430069031611,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGHTnUAAQAbVXgoYUrw2\/\/3H5i8UZ+uf0VkGiXPCgBgCYxkQAAABAQgKAAKTKDTnT0kXAwEAKNOo\/lFrrxEtj1oyrBEybZXAvF7754xqLjvuYfV0gCpDpumAA3\/lW60="}
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031611,"flow_last_seen":1430069031611,"flow_idle_time":7580000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":1,"thread_ts_msec":1430069031611,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035398,"flow_last_seen":1430069035398,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069035398,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069031611,"flow_last_seen":1430069031611,"flow_idle_time":7580000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"midstream":1,"thread_ts_msec":1430069031611,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069035398,"flow_last_seen":1430069035398,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069035398,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1430069035398,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035398,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChV8UAAQAbFkwoYUrzSZ\/APpVwBu+YrTKNirTiWUBFpAB9mAAA="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1430069035537,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035537,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgkaUAAjgapG9Jn8A8KGFK8AbulXGKtOJbmK0ykUBCkj3bOAAA="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035840,"flow_last_seen":1430069035840,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069035840,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069035840,"flow_last_seen":1430069035840,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069035840,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1430069035840,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069035840,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADytk0AAPwbN8woYUrwfDURUkrUAUM0qoIsAAAAAoAI5CEEgAAACBAV4BAIICgALDRgAAAAAAQMDBw=="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1430069035877,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069035877,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxm7kAA+AZbqB8NRFQKGFK8AFCStWTibgPNKqCMYBIRHPNeAAACBAV4"}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1430069035880,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035880,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACitlEAAPwbOBgoYUrwfDURUkrUAUM0qoIxk4m4EUBA5COLzAAA="}
00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035840,"flow_last_seen":1430069035921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069035921,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035967,"flow_last_seen":1430069035967,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069035967,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1430069035840,"flow_last_seen":1430069035921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"midstream":0,"thread_ts_msec":1430069035921,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069035967,"flow_last_seen":1430069035967,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069035967,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1430069035967,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069035967,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzw1UAAPwaKsQoYUrwfDURUsJ0Bu3W4\/fMAAAAAoAI5CBvJAAACBAV4BAIICgALDSYAAAAAAQMDBw=="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1430069036008,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069036008,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxGQkAA+AZ8VB8NRFQKGFK8AbuwnWIYU8F1uP30YBIRHOshAAACBAV4"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1430069036010,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069036010,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjw1kAAPwaKxAoYUrwfDURUsJ0Bu3W4\/fRiGFPCUBA5CNq2AAA="}
00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069035967,"flow_last_seen":1430069036012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069036012,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069036068,"flow_last_seen":1430069036068,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069036068,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069035967,"flow_last_seen":1430069036012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"midstream":0,"thread_ts_msec":1430069036012,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069036068,"flow_last_seen":1430069036068,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069036068,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1430069036068,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069036068,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwqSkAAPwalnwoYUryt\/GECircBu1PEJ3oAAAAAoAI5CI51AAACBAV4BAIICgALDTAAAAAAAQMDBw=="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1430069036109,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069036109,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACzrl0AA+AYrYa38YQIKGFK8AbuKt2bo6WFTxCd7YBIRHMNnAAACBAV4"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1430069036113,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069036113,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgqS0AAPwalsgoYUryt\/GECircBu1PEJ3tm6OliUBA5CLL8AAA="}
00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069036068,"flow_last_seen":1430069036116,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069036116,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01002{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069035967,"flow_last_seen":1430069036121,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1430069036121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
01792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069035967,"flow_last_seen":1430069036179,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3732,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1430069036179,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069036068,"flow_last_seen":1430069036608,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1430069036608,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
01792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1430069036068,"flow_last_seen":1430069036612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1430069036612,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069044758,"flow_last_seen":1430069044758,"flow_idle_time":7580000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1430069044758,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069036068,"flow_last_seen":1430069036116,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"midstream":0,"thread_ts_msec":1430069036116,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069035967,"flow_last_seen":1430069036121,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"midstream":0,"thread_ts_msec":1430069036121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
01796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1430069035967,"flow_last_seen":1430069036179,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3732,"midstream":0,"thread_ts_msec":1430069036179,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
01008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069036068,"flow_last_seen":1430069036608,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"midstream":0,"thread_ts_msec":1430069036608,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
01797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1430069036068,"flow_last_seen":1430069036612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3731,"midstream":0,"thread_ts_msec":1430069036612,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069044758,"flow_last_seen":1430069044758,"flow_idle_time":7580000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"midstream":1,"thread_ts_msec":1430069044758,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1430069044758,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":303,"pkt_l4_len":267,"thread_ts_msec":1430069044758,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR8KJUAAjgb4zIuWAH0KGFK8Abu3Y2Ij0KVRKAPiUBigLueuAADzAAAApDlIVrVdqRc+Gkt7POZ3i2OlkuY4MMfPTZY9G4U0YFfr\/Io7pOCQe3JDBNAmPdEpHGIlOOWztPzNgfmCZdfJbXa\/FjyLrCbe\/cKrmuhEYDyIPsoQcOHY3YFPdOkSmKChheXsyu06po9uQ1CWTJDZfqoByGUY9M3+\/torvsssHclmFyrgMhiQBPDR+\/p96Y\/\/sK6VRP8W+SfBO5i7Jg3brhWvS81m7IbytFR73ZERAlFn0QejuZzhem715ywfbXU8ySrwRBK2cs3ywClzqW\/s7h0teJNcn45XHRR+Z0ZTPA29+kHM57k5C1faf1I\/3jeLMDw\/"}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1430069044836,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069044836,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTekAAQAZ+bgoYUryLlgB9t2MBu1EoA+JiI9GcUBCIgOkBAAA="}
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1430069044940,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"thread_ts_msec":1430069044940,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLTe0AAQAZ+QwoYUryLlgB9t2MBu1EoA+JiI9GcUBiIgH9kAAAmAAAApDlIVrVdqRc+Gkt7POZ3i2OlX+Y4MArPTZYlBp4hfXC7UiHVW\/8="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1430069048642,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069048642,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgkakAAjgapGtJn8A8KGFK8AbulXNdU3uvmK0ykUBSkj1vNAAA="}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069049770,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069049770,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1430069049770,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"thread_ts_msec":1430069049770,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUZ0AAQAZSqgoYUrytwki8h34UbGWkOWcyCtXvgBgB12cmAAABAQgKAAKaQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="}
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069049770,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069060011,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069049770,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069060011,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1430069060011,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069060011,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkUAAQAbmZgoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069060011,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069060011,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1430069072945,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069072945,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTTnkAAQAbVigoYUrw2\/\/3H5i8UZ+uf0YYGiXPCgBQCY5HBAAABAQgKAAKjTTTnT0k="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069072986,"flow_last_seen":1430069072986,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069072986,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069072986,"flow_last_seen":1430069072986,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069072986,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1430069072986,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069072986,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwsMEAAQAZ88QoYUrw2\/\/3H5lQUZzqvj2AAAAAAoAI2sJHJAAACBAV4BAIICgACo1AAAAAAAQMDBQ=="}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1430069073186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069073186,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQa8ITb\/\/ccKGFK8FGfmVG+Fj0U6r49hoBJF6jkFAAACBAV4BAIICjTom84AAqNQAQMDCA=="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1430069073186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069073186,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQsMUAAQAZ8+AoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBABtpHBAAABAQgKAAKjZTTom84="}
01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069072986,"flow_last_seen":1430069073201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1430069073201,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"d9ce50c62ab1fd5932da3c6b6d406c65","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1430069030508,"flow_last_seen":1430069052317,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1430069035840,"flow_last_seen":1430069057806,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1430069031042,"flow_last_seen":1430069032022,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7723,"flow_avg_l4_payload_len":227,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1430069026370,"flow_last_seen":1430069037135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5411,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1430069036068,"flow_last_seen":1430069065046,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5108,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031611,"flow_last_seen":1430069072945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069072986,"flow_last_seen":1430069073299,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1466,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":140000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00664{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
00597{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00934{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1430069030121,"flow_last_seen":1430069041457,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5586,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1430069030751,"flow_last_seen":1430069031522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6399,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1430069031236,"flow_last_seen":1430069031782,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7425,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1430069035967,"flow_last_seen":1430069036831,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5965,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069072986,"flow_last_seen":1430069073201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069073201,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"d9ce50c62ab1fd5932da3c6b6d406c65","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1430069030508,"flow_last_seen":1430069052317,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1430069035840,"flow_last_seen":1430069057806,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":17,"flow_first_seen":1430069031042,"flow_last_seen":1430069032022,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7723,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":18,"flow_first_seen":1430069026370,"flow_last_seen":1430069037135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5411,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1430069036068,"flow_last_seen":1430069065046,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5108,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00598{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1430069031611,"flow_last_seen":1430069072945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00603{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1430069072986,"flow_last_seen":1430069073299,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1466,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":140000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":9,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
00603{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":9,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00940{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":14,"flow_first_seen":1430069030121,"flow_last_seen":1430069041457,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5586,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":127,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1430069030751,"flow_last_seen":1430069031522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6399,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":15,"flow_first_seen":1430069031236,"flow_last_seen":1430069031782,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7425,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1430069035967,"flow_last_seen":1430069036831,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5965,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00671{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","packets-captured":347,"packets-processed":347,"total-skipped-flows":0,"total-l4-payload-len":52012,"total-not-detected-flows":0,"total-guessed-flows":5,"total-detected-flows":33,"total-detection-updates":32,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":236,"global_ts_msec":1430069073299}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 347/347
@@ -242,10 +242,10 @@
~~ total active/idle flows...: 38/38
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6164199 bytes
~~ total memory freed........: 6164199 bytes
~~ total memory allocated....: 6164503 bytes
~~ total memory freed........: 6164503 bytes
~~ total allocations/frees...: 121590/121590
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 466 chars
~~ json string max len.......: 1834 chars
~~ json string avg len.......: 1150 chars
~~ json string max len.......: 1838 chars
~~ json string avg len.......: 1152 chars


@@ -1,117 +1,117 @@
00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1430069140120}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069140120,"flow_last_seen":1430069140120,"flow_idle_time":7580000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":1,"thread_ts_msec":1430069140120,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069140120,"flow_last_seen":1430069140120,"flow_idle_time":7580000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"midstream":1,"thread_ts_msec":1430069140120,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1430069140120,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"thread_ts_msec":1430069140120,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAHLza0AAPwZJVQoYUrxn9jn7x00fkMsN+RcrPwfugBgApZHwAAABAQgKAAs11Jj3Xso6AAAArVkC\/4gP\/deLY5qAl+gvk5f8xql5QXAwvM9bb5tQyHwtP1GibAaltsw94jGcvj4NNAB8Nc8SXCTCPg=="}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1430069140453,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069140453,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADRbKkAALgby1Gf2OfsKGFK8H5DHTSs\/B+7LDflVgBAADqYIAAABAQgKmPgkmwALNdQ="}
00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1430069140501,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":194,"pkt_l4_len":158,"thread_ts_msec":1430069140501,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAALJbK0AALgbyVWf2OfsKGFK8H5DHTSs\/B+7LDflVgBgADj7dAAABAQgKmPgkrAALNdR6AAAArVkC\/4gP\/deLY5qAl+gvk5f8hql5QTAwvM9Zf4dQyEAJD7QL56t1BA6CZFNB9CDoZPBzNcfqISYY4Bqx6IvbToog47dFxVed4MxS159GEgFcWpzNI6MS\/uDRtBTN\/KgQO5PWR5hOlzi0NPjPSZ5ZvXYRnArc8Dv9Cys="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069141261,"flow_last_seen":1430069141261,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069141261,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069141261,"flow_last_seen":1430069141261,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069141261,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1430069141261,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069141261,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgY+0AArAbF1ngcGvIKGFK8AFCG5WVqLr9xAeFBUBH\/\/1JPAAA="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1430069141403,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069141403,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjM1kAAPwZ\/FwoYUrx4HBryhuUAUHEB4UFlai7AUBA5CBlHAAA="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1430069141433,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069141433,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgY\/EAArAbF1XgcGvIKGFK8AFCG5WVqLr9xAeFBUBH\/\/1JPAAA="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069141923,"flow_last_seen":1430069141923,"flow_idle_time":7580000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1430069141923,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069141923,"flow_last_seen":1430069141923,"flow_idle_time":7580000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"midstream":1,"thread_ts_msec":1430069141923,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1430069141923,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":157,"pkt_l4_len":121,"thread_ts_msec":1430069141923,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAI3lSkAAPwYIYQoYUrw2\/7ns5iQUZtvqJ3tQl6xegBgAe+ktAAABAQgKAAs2irXIgpc8aXEgdG89J3hpYW9taS5jb20nIGlkPScwJyBjaGlkPScwJyB0eXBlPSdnZXQnPjxwaW5nIHhtbG5zPSd1cm46eG1wcDpwaW5nJz48L3Bpbmc+PC9pcT4NCg=="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1430069142333,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069142333,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTWOEAALQYpzDb\/uewKGFK8FGbmJFCXrF7b6ifUgBAAZ2sMAAABAQgKtcrV6gALNoo="}
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1430069142373,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":103,"pkt_l4_len":67,"thread_ts_msec":1430069142373,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAFfWOUAALQYpqDb\/uewKGFK8FGbmJFCXrF7b6ifUgBgAZ9bAAAABAQgKtcrV6gALNoo8aXEgY2hpZD0nMCcgaWQ9JzAnIHR5cGU9J3Jlc3VsdCcvPg=="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069159456,"flow_last_seen":1430069159456,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069159456,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069159456,"flow_last_seen":1430069159456,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069159456,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1430069159456,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069159456,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUvUAAPwaqhQoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOF5AAACBAV4BAIICgALPSMAAAAAAQMDBw=="}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1430069159814,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069159814,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUvkAAPwaqhAoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOEVAAACBAV4BAIICgALPYcAAAAAAQMDBw=="}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1430069161833,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069161833,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUv0AAPwaqgwoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOBNAAACBAV4BAIICgALPk8AAAAAAQMDBw=="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069161865,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069161865,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1430069161865,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069161865,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACioy0AAjgYyVNg63KEKGFK8Abvded6D6B\/TTMkUUBSjubgsAAA="}
00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1430069159456,"flow_last_seen":1430069161892,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1430069161892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069163715,"flow_last_seen":1430069163715,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069163715,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":2,"flow_first_seen":1430069159456,"flow_last_seen":1430069161892,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":609,"midstream":0,"thread_ts_msec":1430069161892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069163715,"flow_last_seen":1430069163715,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069163715,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1430069163715,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069163715,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzn5UAAPwb5gwoYUrxuTI8ygMgfkPcR2OkAAAAAoAI5CAV2AAACBAV4BAIICgALPwwAAAAAAQMDBw=="}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1430069163856,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069163856,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8H5CAyJJ42pD3EdjqoBI4kOpNAAACBAV4BAIICkTbaagACz8MAQMDCQ=="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1430069163867,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069163867,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn5kAAPwb5igoYUrxuTI8ygMgfkPcR2OqSeNqRgBAAc1DtAAABAQgKAAs\/HETbaag="}
01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069163715,"flow_last_seen":1430069163878,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069163878,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01497{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069163715,"flow_last_seen":1430069164107,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1430069164107,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069164656,"flow_last_seen":1430069164656,"flow_idle_time":7580000,"flow_min_l4_payload_len":442,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":442,"midstream":1,"thread_ts_msec":1430069164656,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069163715,"flow_last_seen":1430069163878,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":0,"thread_ts_msec":1430069163878,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1430069163715,"flow_last_seen":1430069164107,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"midstream":0,"thread_ts_msec":1430069164107,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069164656,"flow_last_seen":1430069164656,"flow_idle_time":7580000,"flow_min_l4_payload_len":442,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"midstream":1,"thread_ts_msec":1430069164656,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
01060{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1430069164656,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":498,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":498,"pkt_l4_len":462,"thread_ts_msec":1430069164656,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAeIKLkAAjgb4AIuWAH0KGFK8Abu3Y2Ij1H9RKASKUBifhj2IAAC2AQAA7+nGaLVdqRc+Gkt7POZ3izYarM8cfC\/oKc57w3ON8GY\/K1szNYS+6Yytrgv9fJ110+svPWy4JXfqhqsy8n\/Qi0EhBo8vKa7TtIo39CMQrfI1DyAke3OCHinKUbcE7JofE08wNW\/SYiLVq+ch1jInTJlBtTETD6sakW5t+\/pqslJuJu6FErHiOcJlRXUhJ\/w2UMRtIuPzDgq66Pu7iQ4cPuLk01HGBYGyY\/ec8L+8kz8C0iE6HOIH6YT0BKGthN3UTgwPbBq6O4DQcUiN2hgrUDIxq8uw9ZbWllzKNEYrEa8k7r3ZVHoPDQdXWrcQvhxam6oeYyK7V8McoNRiSIayjOQMTgXnysBnscEyik7me1vByK2C0l2He7bBFWQmrSmeZXMFh2H60fcsxZbAlEWK0siSqlB7jvAlTaG4udBSGXSTj4rEL2MZLSGqP2XF68ncz4+WzMi\/pNklQw9YyvrinQJFb3QOjkMePALF9ilvEQ+wMia1\/U8MBwJo9G9KKjVSCXjRCZRheUcgsdenusXElIUwOqnMT+7rwPfeomV3b9fbsOdbRa7VkQEi4icvvEwgda+Sg6Qy"}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1430069164657,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069164657,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTg0AAQAZ+ZQoYUryLlgB9t2MBu1EoBIpiI9Y5UBCiGOkBAAA="}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1430069164839,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"thread_ts_msec":1430069164839,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLThEAAQAZ+OgoYUryLlgB9t2MBu1EoBIpiI9Y5UBiiGP3wAAAmAAAA7+nGaLVdqRc+Gkt7POZ3izYaHM4cfJ\/pKc5wznSY7XhZjDJkzsc="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069164966,"flow_last_seen":1430069164966,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069164966,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069164966,"flow_last_seen":1430069164966,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069164966,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1430069164966,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069164966,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxKlUAAQAaV1AoYUrxuTI8y5ekjKS1pjaoAAAAAoAI2sFqBAAACBAV4BAIICgACxz8AAAAAAQMDBQ=="}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1430069165114,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069165114,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8Iynl6dfwna4taY2roBI4kADPAAACBAV4BAIICkTbbpQAAsc\/AQMDCQ=="}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1430069165115,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069165115,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKlkAAQAaV2woYUrxuTI8y5ekjKS1pjavX8J2vgBABtlp5AAABAQgKAALHTkTbbpQ="}
01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069164966,"flow_last_seen":1430069165129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069165129,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01497{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069164966,"flow_last_seen":1430069165314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1430069165314,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069170090,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069164966,"flow_last_seen":1430069165129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"midstream":0,"thread_ts_msec":1430069165129,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1430069164966,"flow_last_seen":1430069165314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"midstream":0,"thread_ts_msec":1430069165314,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069170090,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1430069170090,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"thread_ts_msec":1430069170090,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUaEAAQAZSqQoYUrytwki8h34UbGWkOWcyCtXvgBgB1zgmAAABAQgKAALJQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="}
00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069170090,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170892,"flow_last_seen":1430069170892,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069170090,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069170892,"flow_last_seen":1430069170892,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1430069170892,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"thread_ts_msec":1430069170892,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGoAAEAAPxHbOAoYUrwByQGuLDlaBQBWgNSByQAHC4ZVGZBlh61hMGy+mVz7szeLE04wAIGpUs16HTnaFQo\/DwShnbgrVUo6QPfO7hnIEQI6Zble8vC3moejgAAAAXwPCk3m1v5lftk="}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170892,"flow_last_seen":1430069170892,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170975,"flow_last_seen":1430069170975,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170975,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069170892,"flow_last_seen":1430069170892,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069170975,"flow_last_seen":1430069170975,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170975,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1430069170975,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"thread_ts_msec":1430069170975,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGoAAEAAQBHaOAoYUrwByQGuKB1aBwBWSf6ByQAHVJql2hcYBvUW09\/cV2PnqW9IAC+tkcS3zbxHaXzNy97m1tMPsxdrmxKMjQTBocmvV+MtI4fyJpYC3zCcgAAAAaPWslm6g8tl\/I8="}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170975,"flow_last_seen":1430069170975,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170975,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069171118,"flow_last_seen":1430069171118,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069171118,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069170975,"flow_last_seen":1430069170975,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170975,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069171118,"flow_last_seen":1430069171118,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069171118,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1430069171118,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":100,"pkt_l4_len":64,"thread_ts_msec":1430069171118,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFQAAEAAPxHbTgoYUrwByQGuLDhaBABATCmA7E6yizmc2guGVRn+xfaQv+g9g3ccEnajV1GbM8MpJWVK2C77CAiJwDoJYkgGCqWuS2HWMkwGeQ=="}
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069171118,"flow_last_seen":1430069171118,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069171118,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069171118,"flow_last_seen":1430069171118,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069171118,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1430069171120,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"thread_ts_msec":1430069171120,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/C92AbE6zizmgmguGVRkt\/rZnfXpGz0N2A\/IfJpewUyMSY166JO1xGXdEkGNQd31ADIw6ZS3SDh9Y"}
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1430069171120,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"thread_ts_msec":1430069171120,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/5SmAbE60izmkWguGVRmezvGSQL2r8\/lU9MEKvF6SC08uWokrFHcn2V7\/8UTxLNEjkf5mPRch1tsI"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1430069171127,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"thread_ts_msec":1430069171127,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAGoAAEAAGxH\/EAHJAa4KGFK8WgUsOQBWReSByQAHVJql2hcYBvUW09\/cV2PnqW9IAC+tkcS3zbxHaXzNy97m1tMPsxdrmxKMjQTBocmvV+MtI4fyJpYC3zCcgAAAAaPWslm6g8tl\/I8="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069171389,"flow_last_seen":1430069171389,"flow_idle_time":200000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1430069171389,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069171389,"flow_last_seen":1430069171389,"flow_idle_time":200000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"midstream":0,"thread_ts_msec":1430069171389,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1430069171389,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":123,"pkt_l4_len":87,"thread_ts_msec":1430069171389,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGsAAEAAQBHaNwoYUrwByQGuKBxaBgBXWCuA7DE+fqkVA1Sapdp6cTmDebnhh8KUkQVLcfVIHO+KdE\/hh8TrsDi1pxsxiqViFSLVRYeZKeMWrEXQddUHKF8UZHmGznF9XlwFasBuVesU"}
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069171389,"flow_last_seen":1430069171389,"flow_idle_time":200000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1430069171389,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069171389,"flow_last_seen":1430069171389,"flow_idle_time":200000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"midstream":0,"thread_ts_msec":1430069171389,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1430069171425,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":192,"pkt_l4_len":156,"thread_ts_msec":1430069171425,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAALAAAEAAQBHZ8goYUrwByQGuKBxaBgCccR6AbDE\/fqkYw1SapdpQtIGDUUcsKy8FZc8SkcXbnkaLnkk7o+K31\/Lp8iVo3SBPJc3DyoRUtaFntc3koP5JLgEppFZXqNkw36nmYntuZ329GNTJ06T0XeyZJfDm34fzEotPLv3zEaM1kQ76cuJR6IF9rGbKT3sQKWcYIsd5M3XbqcXgkS4bFd8efSkCV9pxMGaMM2HU"}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1430069171464,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":115,"pkt_l4_len":79,"thread_ts_msec":1430069171464,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGMAAEAAQBHaPwoYUrwByQGuKBxaBgBPG\/OAbDFAfqkcg1SapdrEmBFpbnVmJMblF0rZoL8vvV92uiSDpJJT7NfUzojI6pP2kn9ZuUksJi0oXTyacMa3Otx9PZKNJxznlw=="}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1430069171998,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_msec":1430069171998,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAPxHbJAoYUrwByQGuLDlaBQBqX6qByAAMC4ZVGUMDyNdZMqzZvFL5masXDZVA6JQCTSwYzII6r0J+H6ebHDpiG6\/AGpupgF2zzgl2ppSiLVPnYiD98U8UjOQ2fRfyw\/ugiovyQFT+lfaAAAACkQQ8eHVaWMSL\/A=="}
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1430069172038,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_msec":1430069172038,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAQBHaJAoYUrwByQGuKB1aBwBqXmKByAAMVJql2trT+4JMtrXIu\/DNYLUyrcCH4nJIkwVlTlKbwLjRHdwKTf1t+cEG2dNtu5tj5fpNWxpJ1GyPSnYq1Tkhei6L7QH9KpD9dMR2BEbVSkSAAAACiCDm5WucO1eQLg=="}
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1430069172127,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_msec":1430069172127,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAGhH\/\/AHJAa4KGFK8WgcoHQBqY8SByAAMC4ZVGUMDyNdZMqzZvFL5masXDZVA6JQCTSwYzII6r0J+H6ebHDpiG6\/AGpupgF2zzgl2ppSiLVPnYiD98U8UjOQ2fRfyw\/ugiovyQFT+lfaAAAACkQQ8eHVaWMSL\/A=="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069180329,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069180329,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1430069180329,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069180329,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkkAAQAbmZQoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069180329,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069193291,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069180329,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069193291,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1430069193291,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069193291,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACg66EAAjgYtFq38egEKGFK8AbvLm\/Ii35zxwsMTUBSkcjKfAAA="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069201833,"flow_last_seen":1430069201833,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069201833,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069201833,"flow_last_seen":1430069201833,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069201833,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1430069201833,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"thread_ts_msec":1430069201833,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOw0AAQAYrdAoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtk1IAAABAQgKAALVpswmIb5QFA=="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2182,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1430069202570,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"thread_ts_msec":1430069202570,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOxEAAQAYrcwoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtkz+AAABAQgKAALV8MwmIb5QFA=="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1430069204049,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"thread_ts_msec":1430069204049,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOxUAAQAYrcgoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtkxqAAABAQgKAALWhMwmIb5QFA=="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2798,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069210863,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2798,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069210863,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1430069210863,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069210863,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACih+UAAjgbKWq3CdeUKGFK8AbuV7IoFQj5TpMuVUBSklweYAAA="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2838,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069211505,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2838,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069211505,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2838,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1430069211505,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069211505,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAChd+0AA+AbBg638WIAKGFK8AbvqCPsyGz7Wm7gkUBQAALuKAAA="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2839,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1430069211505,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069211505,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTK\/EAAjga+dq38WIAKGFK8AbvqCPsyGz7Wm7gkgBQClSKzAAABAQgKopRXsAACYuQ="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211639,"flow_last_seen":1430069211639,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069211639,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069211639,"flow_last_seen":1430069211639,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069211639,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1430069211639,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069211639,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxoAkAAQAZvaQoYUryt\/FiA6jIBuzJ1sXgAAAAAoAI2sGN\/AAACBAV4BAIICgAC2XoAAAAAAQMDBQ=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211640,"flow_last_seen":1430069211640,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069211640,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069211640,"flow_last_seen":1430069211640,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069211640,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1430069211640,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":79,"pkt_l4_len":43,"thread_ts_msec":1430069211640,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD\/Ze0AAQBH4oQoYUrwKvAEBYocANQAr1lVimAEAAAEAAAAAAAAEbXF0dAhmYWNlYm9vawNjb20AAAEAAQ=="}
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211640,"flow_last_seen":1430069211640,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069211640,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069211640,"flow_last_seen":1430069211640,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069211640,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2856,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1430069211703,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069211703,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy0dUAA+AZrBa38WIAKGFK8AbvqMmPPnoQydbF5YBIRHFG1AAACBAV4"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2857,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1430069211703,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069211703,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChoA0AAQAZvfAoYUryt\/FiA6jIBuzJ1sXljz56FUBA2sGNrAAA="}
00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2858,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069211639,"flow_last_seen":1430069211712,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069211712,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2858,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069211639,"flow_last_seen":1430069211712,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"midstream":0,"thread_ts_msec":1430069211712,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2869,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1430069211843,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":118,"pkt_l4_len":82,"thread_ts_msec":1430069211843,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGYfywAANRH9Kwq8AQEKGFK8ADVihwBSfKJimIGAAAEAAgAAAAAEbXF0dAhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAABNAACwRtcXR0A3Z2dsARwC8AAQABAAAAAQAErfxhAg=="}
00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2869,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069211843,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.252.97.2"}}
01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2893,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069211639,"flow_last_seen":1430069212207,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1430069212207,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"07dddc59e60135c7b479d39c3ae686af","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1430069211639,"flow_last_seen":1430069213599,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2372,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1488,"flow_first_seen":1430069171389,"flow_last_seen":1430069216410,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":133038,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1430069170975,"flow_last_seen":1430069216076,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":2144,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1430069159456,"flow_last_seen":1430069163250,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
01155{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1430069163715,"flow_last_seen":1430069216555,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7008,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
01155{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1430069164966,"flow_last_seen":1430069216555,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7778,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1503,"flow_first_seen":1430069171118,"flow_last_seen":1430069216536,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":134109,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1430069170892,"flow_last_seen":1430069214736,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":2116,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2869,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"midstream":0,"thread_ts_msec":1430069211843,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.252.97.2"}}
01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2893,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069211639,"flow_last_seen":1430069212207,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":349,"midstream":0,"thread_ts_msec":1430069212207,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"07dddc59e60135c7b479d39c3ae686af","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1430069211639,"flow_last_seen":1430069213599,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2372,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":746,"flow_dst_packets_processed":742,"flow_first_seen":1430069171389,"flow_last_seen":1430069216410,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":133038,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00708{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1430069170975,"flow_last_seen":1430069216076,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":2144,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1430069159456,"flow_last_seen":1430069163250,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}}
00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
01161{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":22,"flow_first_seen":1430069163715,"flow_last_seen":1430069216555,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7008,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
01161{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":18,"flow_first_seen":1430069164966,"flow_last_seen":1430069216555,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7778,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":757,"flow_dst_packets_processed":746,"flow_first_seen":1430069171118,"flow_last_seen":1430069216536,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":134109,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1430069170892,"flow_last_seen":1430069214736,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":2116,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","packets-captured":3203,"packets-processed":3203,"total-skipped-flows":0,"total-l4-payload-len":291404,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":11,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":115,"global_ts_msec":1430069216559}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 3203/3203
@@ -121,10 +121,10 @@
~~ total active/idle flows...: 20/20
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6143247 bytes
~~ total memory freed........: 6143247 bytes
~~ total memory allocated....: 6143407 bytes
~~ total memory freed........: 6143407 bytes
~~ total allocations/frees...: 124182/124182
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 465 chars
~~ json string max len.......: 1502 chars
~~ json string avg len.......: 983 chars
~~ json string max len.......: 1507 chars
~~ json string avg len.......: 986 chars


@@ -1,9 +1,9 @@
00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1436865383632}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"thread_ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"midstream":0,"thread_ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436865383632,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"thread_ts_msec":1436865383632,"pkt":"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"}
00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"thread_ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":42,"version":42}}
00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"thread_ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"midstream":0,"thread_ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":42,"version":42}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"midstream":0,"thread_ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1436865383632}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1
@@ -13,8 +13,8 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003106 bytes
~~ total memory freed........: 6003106 bytes
~~ total memory allocated....: 6003114 bytes
~~ total memory freed........: 6003114 bytes
~~ total allocations/frees...: 120877/120877
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 461 chars


@@ -1,9 +1,9 @@
00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1436865405371}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436865405371,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1436865405371,"pkt":"RIpbLCrSACaIdf8bCABFAABMAABAADcRbcOvkIwdTi5MAgB7AFAAOLcYHAAE+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZT08RAAAAANlPTxEAAAAA"}
00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1436865405371}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1
@@ -13,10 +13,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003106 bytes
~~ total memory freed........: 6003106 bytes
~~ total memory allocated....: 6003114 bytes
~~ total memory freed........: 6003114 bytes
~~ total allocations/frees...: 120877/120877
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 461 chars
~~ json string max len.......: 673 chars
~~ json string avg len.......: 556 chars
~~ json string max len.......: 679 chars
~~ json string avg len.......: 559 chars


@@ -1,9 +1,9 @@
00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv4.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1436865396190}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436865396190,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1436865396190,"pkt":"RIpb2HMEACaIdf8bCABFAABMrX9AADcRaFpVFj54Ti5MCwB7AHsAOKmfIwIH6wAABFAAAAOrg7wD39lPUcMxZbhg2URXVTAzb9DZRFdVMbTpeNlPUfQtJuL0"}
00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1436865396190}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1
@@ -13,10 +13,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003106 bytes
~~ total memory freed........: 6003106 bytes
~~ total memory allocated....: 6003114 bytes
~~ total memory freed........: 6003114 bytes
~~ total allocations/frees...: 120877/120877
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 461 chars
~~ json string max len.......: 673 chars
~~ json string avg len.......: 556 chars
~~ json string max len.......: 679 chars
~~ json string avg len.......: 559 chars


@@ -1,12 +1,12 @@
00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"Oscar.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1434606464176}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1434606464176,"flow_last_seen":1434606464176,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1434606464176,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1434606464176,"flow_last_seen":1434606464176,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1434606464176,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434606464176,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1434606464176,"pkt":"AAxCW5ILDE3pmjdICABFAABAZ9pAAEAGAAAKHh0Dsu0Y+fd9Abu9oGylAAAAALAC\/\/\/zOQAAAgQFtAEDAwUBAQgKFdAS4wAAAAAEAgAA"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434606464205,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1434606464205,"pkt":"DE3pmjdIAAxCW5ILCABFAAAsd\/VAAG8GoM+y7Rj5Ch4dAwG7933\/L+hsvaBspmASQABaVgAAAgQFUAAA"}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434606464205,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1434606464205,"pkt":"AAxCW5ILDE3pmjdICABFAAAo27ZAAEAGAAAKHh0Dsu0Y+fd9Abu9oGym\/y\/obVAQ\/\/\/zIQAA"}
00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1434606464176,"flow_last_seen":1434606536630,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5450,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1434606536630,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"midstream":0,"thread_ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"midstream":0,"thread_ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":38,"flow_dst_packets_processed":33,"flow_first_seen":1434606464176,"flow_last_seen":1434606536630,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5450,"midstream":0,"thread_ts_msec":1434606536630,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","packets-captured":71,"packets-processed":71,"total-skipped-flows":0,"total-l4-payload-len":5450,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1434606536630}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 71/71
@@ -16,10 +16,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6007184 bytes
~~ total memory freed........: 6007184 bytes
~~ total memory allocated....: 6007192 bytes
~~ total memory freed........: 6007192 bytes
~~ total allocations/frees...: 120948/120948
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 456 chars
~~ json string max len.......: 683 chars
~~ json string avg len.......: 561 chars
~~ json string max len.......: 690 chars
~~ json string avg len.......: 565 chars



@@ -1,59 +1,59 @@
00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1499348407419}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348407419,"flow_last_seen":1499348407419,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348407419,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348407419,"flow_last_seen":1499348407419,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348407419,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1499348407419,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348407419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84aRAAD4G5CusEAABwKgKMo1kAFAWk4RJAAAAAKACchDPRwAAAgQFtAQCCAoBPmXtAAAAAAEDAwc="}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1499348407419,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348407419,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWS7EzBkFpOESqAScSCpZgAAAgQFtAQCCAoD6DdgAT5l7QEDAwc="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1499348407420,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348407420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04aVAAD4G5DKsEAABwKgKMo1kAFAWk4RKuxMwZYAQAOVIbgAAAQEICgE+Ze0D6Ddg"}
00993{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348407419,"flow_last_seen":1499348407420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1499348407420,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348413192,"flow_last_seen":1499348413192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348413192,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00998{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499348407419,"flow_last_seen":1499348407420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"midstream":0,"thread_ts_msec":1499348407420,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348413192,"flow_last_seen":1499348413192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348413192,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1499348413192,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348413192,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/kNAAD4Gx4ysEAABwKgKMo1mAFAV3ZXTAAAAAKACchC4zgAAAgQFtAQCCAoBPmuQAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1499348413192,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348413192,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWbwopjJFd2V1KAScSDvVQAAAgQFtAQCCAoD6D0DAT5rkAEDAwc="}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1499348413193,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348413193,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/kRAAD4Gx5OsEAABwKgKMo1mAFAV3ZXU8KKYyoAQAOWOXQAAAQEICgE+a5AD6D0D"}
01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348413192,"flow_last_seen":1499348413193,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":460,"flow_tot_l4_payload_len":460,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1499348413193,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348422024,"flow_last_seen":1499348422024,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348422024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01012{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499348413192,"flow_last_seen":1499348413193,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":460,"flow_tot_l4_payload_len":460,"midstream":0,"thread_ts_msec":1499348413193,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348422024,"flow_last_seen":1499348422024,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348422024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1499348422024,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348422024,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8A7ZAAD4GwhqsEAABwKgKMo1oAFD9gXeGAAAAAKACchDm1AAAAgQFtAQCCAoBPnQwAAAAAAEDAwc="}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1499348422024,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348422024,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWik93fQ\/YF3h6AScSCBYAAAAgQFtAQCCAoD6EWjAT50MAEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1499348422025,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348422025,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A7dAAD4GwiGsEAABwKgKMo1oAFD9gXeHpPd30YAQAOUgaAAAAQEICgE+dDAD6EWj"}
01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348422024,"flow_last_seen":1499348422025,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348422025,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348433464,"flow_last_seen":1499348433464,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348433464,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499348422024,"flow_last_seen":1499348422025,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"midstream":0,"thread_ts_msec":1499348422025,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348433464,"flow_last_seen":1499348433464,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348433464,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1499348433464,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348433464,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WwtAAD4GasWsEAABwKgKMo1qAFDC1CRXAAAAAKACchBpgwAAAgQFtAQCCAoBPn9cAAAAAAEDAwc="}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1499348433464,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348433464,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWqDJLV7wtQkWKAScSDdCgAAAgQFtAQCCAoD6FDPAT5\/XAEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1499348433465,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348433465,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WwxAAD4GasysEAABwKgKMo1qAFDC1CRYgyS1fIAQAOV8EgAAAQEICgE+f1wD6FDP"}
01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348433464,"flow_last_seen":1499348433465,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1499348433465,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348467295,"flow_last_seen":1499348467295,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348467295,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499348433464,"flow_last_seen":1499348433465,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"midstream":0,"thread_ts_msec":1499348433465,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348467295,"flow_last_seen":1499348467295,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348467295,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1499348467295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348467295,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NrBAAD4GjyCsEAABwKgKMo1sAFAXzJbWAAAAAKACchCBAAAAAgQFtAQCCAoBPqBmAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1499348467295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348467295,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWwuedQjF8yW16AScSAJgQAAAgQFtAQCCAoD6HHZAT6gZgEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1499348467296,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348467296,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NrFAAD4GjyesEAABwKgKMo1sAFAXzJbXLnnUJIAQAOWoiAAAAQEICgE+oGYD6HHZ"}
01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348467295,"flow_last_seen":1499348467296,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1499348467296,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348480992,"flow_last_seen":1499348480992,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348480992,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499348467295,"flow_last_seen":1499348467296,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"midstream":0,"thread_ts_msec":1499348467296,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348480992,"flow_last_seen":1499348480992,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348480992,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1499348480992,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348480992,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IqhAAD4GoyisEAABwKgKMo1uAFBrxY9uAAAAAKACchAnDQAAAgQFtAQCCAoBPq3GAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1499348480992,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348480992,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjW5ct+zHa8WPb6AScSBbSwAAAgQFtAQCCAoD6H85AT6txgEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1499348480993,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348480993,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IqlAAD4Goy+sEAABwKgKMo1uAFBrxY9vXLfsyIAQAOX6UQAAAQEICgE+rccD6H85"}
00994{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348480992,"flow_last_seen":1499348480993,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":523,"flow_tot_l4_payload_len":523,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1499348480993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348494345,"flow_last_seen":1499348494345,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348494345,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00999{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499348480992,"flow_last_seen":1499348480993,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":523,"flow_tot_l4_payload_len":523,"midstream":0,"thread_ts_msec":1499348480993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348494345,"flow_last_seen":1499348494345,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348494345,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1499348494345,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348494345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SndAAD4Ge1msEAABwKgKMo1wAFAblvCmAAAAAKACchAI9wAAAgQFtAQCCAoBPrrRAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1499348494345,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348494345,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXBGdqbdG5bwp6AScSCMVgAAAgQFtAQCCAoD6IxDAT660QEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1499348494346,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348494346,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SnhAAD4Ge2CsEAABwKgKMo1wAFAblvCnRnam3oAQAOUrXgAAAQEICgE+utED6IxD"}
01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348494345,"flow_last_seen":1499348494346,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348494346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348506489,"flow_last_seen":1499348506489,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348506489,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01012{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499348494345,"flow_last_seen":1499348494346,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"midstream":0,"thread_ts_msec":1499348494346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348506489,"flow_last_seen":1499348506489,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348506489,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1499348506489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348506489,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gghAAD4GQ8isEAABwKgKMo1yAFDHw0SlAAAAAKACchD87AAAAgQFtAQCCAoBPsatAAAAAAEDAwc="}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1499348506489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348506489,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXIW0CP4x8NEpqAScSAm\/AAAAgQFtAQCCAoD6JgfAT7GrQEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1499348506490,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348506490,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gglAAD4GQ8+sEAABwKgKMo1yAFDHw0SmFtAj+YAQAOXGAwAAAQEICgE+xq0D6Jgf"}
01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348506489,"flow_last_seen":1499348506490,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348506490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348514064,"flow_last_seen":1499348514064,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348514064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499348506489,"flow_last_seen":1499348506490,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"midstream":0,"thread_ts_msec":1499348506490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348514064,"flow_last_seen":1499348514064,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348514064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1499348514064,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348514064,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tHhAAD4GEVisEAABwKgKMo10AFC7kHpqAAAAAKACchDL8wAAAgQFtAQCCAoBPs4SAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1499348514064,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348514064,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXSy4nMxu5B6a6AScSADUQAAAgQFtAQCCAoD6J+FAT7OEgEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1499348514065,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348514065,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tHlAAD4GEV+sEAABwKgKMo10AFC7kHprsuJzMoAQAOWiVwAAAQEICgE+zhMD6J+F"}
01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348514064,"flow_last_seen":1499348514065,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1499348514065,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348407419,"flow_last_seen":1499348412425,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348413192,"flow_last_seen":1499348418262,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2300,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348422024,"flow_last_seen":1499348427063,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348433464,"flow_last_seen":1499348438551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4149,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348467295,"flow_last_seen":1499348472302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2021,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348480992,"flow_last_seen":1499348486002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1053,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348494345,"flow_last_seen":1499348499355,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348506489,"flow_last_seen":1499348511497,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1499348514064,"flow_last_seen":1499348519077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2701,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":395,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1499348514064,"flow_last_seen":1499348514065,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"midstream":0,"thread_ts_msec":1499348514065,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1499348407419,"flow_last_seen":1499348412425,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":977,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1499348413192,"flow_last_seen":1499348418262,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2300,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1499348422024,"flow_last_seen":1499348427063,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1499348433464,"flow_last_seen":1499348438551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4149,"flow_tot_l4_payload_len":4749,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1499348467295,"flow_last_seen":1499348472302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2021,"flow_tot_l4_payload_len":2620,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1499348480992,"flow_last_seen":1499348486002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1053,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1499348494345,"flow_last_seen":1499348499355,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2376,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1499348506489,"flow_last_seen":1499348511497,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1499348514064,"flow_last_seen":1499348519077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2701,"flow_tot_l4_payload_len":4749,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","packets-captured":94,"packets-processed":94,"total-skipped-flows":0,"total-l4-payload-len":23660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_msec":1499348519077}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 94/94
@@ -63,10 +63,10 @@
~~ total active/idle flows...: 9/9
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6016245 bytes
~~ total memory freed........: 6016245 bytes
~~ total memory allocated....: 6016317 bytes
~~ total memory freed........: 6016317 bytes
~~ total allocations/frees...: 121047/121047
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 471 chars
~~ json string max len.......: 1075 chars
~~ json string avg len.......: 772 chars
~~ json string max len.......: 1080 chars
~~ json string avg len.......: 774 chars



@@ -1,11 +1,11 @@
00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"afp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1643275951277}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643275951277,"flow_last_seen":1643275951277,"flow_idle_time":7580000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1643275951277,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643275951277,"flow_last_seen":1643275951277,"flow_idle_time":7580000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"midstream":1,"thread_ts_msec":1643275951277,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643275951277,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1643275951277,"pkt":"ABxCVgfWYPgdrn1ECABFAABKAABAAEAGgpnAqBs5wKgbi\/3bAiR+nkVXU19RioAYCHEmJgAAAQEICtTtV\/gAQrf\/AAIixgAAAAAAAAAGAAAAABEAAAIOHA=="}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643275951277,"flow_last_seen":1643275951277,"flow_idle_time":7580000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1643275951277,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643275951277,"flow_last_seen":1643275951277,"flow_idle_time":7580000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"midstream":1,"thread_ts_msec":1643275951277,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1643275951277,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1643275951277,"pkt":"YPgdrn1EABxCVgfWCABFAAA038RAAEAGourAqBuLwKgbOQIk\/dtTX1GKfp5FbYAQVeK4OwAAAQEICgBCwzzU7Vf4"}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1643275951277,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_msec":1643275951277,"pkt":"YPgdrn1EABxCVgfWCABFAABm38VAAEAGorfAqBuLwKgbOQIk\/dtTX1GKfp5FbYAYVeK4bQAAAQEICgBCwzzU7Vf4AQIixgAAAAAAAAAiAAAAAA4cx5MnnCmFIy+AAAAAAAAACVyxcAAAAAALpMeAAAAAEAA="}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1643275951277,"flow_last_seen":1643275952364,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1643275952364,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1643275951277,"flow_last_seen":1643275952364,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":162,"midstream":1,"thread_ts_msec":1643275952364,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}}
00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"afp.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1643275952364}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 16/16
@@ -15,10 +15,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003541 bytes
~~ total memory freed........: 6003541 bytes
~~ total memory allocated....: 6003549 bytes
~~ total memory freed........: 6003549 bytes
~~ total allocations/frees...: 120892/120892
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 459 chars
~~ json string max len.......: 686 chars
~~ json string avg len.......: 564 chars
~~ json string max len.......: 692 chars
~~ json string avg len.......: 567 chars


@@ -1,166 +1,166 @@
00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1649093494350}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093494350,"flow_last_seen":1649093494350,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093494350,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093494350,"flow_last_seen":1649093494350,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093494350,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1649093494350,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093494350,"pkt":"eJS0JASgYDjgxTWgCABFoAEG97pAAD8RrNTAqAJkF\/i6s4vCH8IA8rYwAFo4TAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfnTudXVvVf7BhRNFQtkmabzFsc4YGcbhGqIyaMUEFFQUQEAEFFU0dQVUJTQQAEpZnsPkMzYe4wgqr+jD6KkFsekH5j6BojNRIPCbkPdUaS4xdQKYVOSVvbHOo64z+26LzM8IhE1k5P6pySRtqNMEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093494350,"flow_last_seen":1649093494350,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093494350,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093494350,"flow_last_seen":1649093494350,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093494350,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1649093494350,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093494350,"pkt":"eJS0JASgYDjgxTWgCABFoAEG97tAAD8RrNPAqAJkF\/i6s4vCH8IA8rYwAFo4TAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfnTudXVvVf7BhRNFQtkmabzFsc4YGcbhGqIyaMUEFFQUQEAEFFU0dQVUJTQQAEpZnsPkMzYe4wgqr+jD6KkFsekH5j6BojNRIPCbkPdUaS4xdQKYVOSVvbHOo64z+26LzM8IhE1k5P6pySRtqNMEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1649093494350,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093494350,"pkt":"eJS0JASgYDjgxTWgCABFoAEG97xAAD8RrNLAqAJkF\/i6s4vCH8IA8rYwAFo4TAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfnTudXVvVf7BhRNFQtkmabzFsc4YGcbhGqIyaMUEFFQUQEAEFFU0dQVUJTQQAEpZnsPkMzYe4wgqr+jD6KkFsekH5j6BojNRIPCbkPdUaS4xdQKYVOSVvbHOo64z+26LzM8IhE1k5P6pySRtqNMEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093494644,"flow_last_seen":1649093494644,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093494644,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093494644,"flow_last_seen":1649093494644,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093494644,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1649093494644,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093494644,"pkt":"eJS0JASgYDjgxTWgCABFoAEGH0RAAD8RTgXAqAJkaKahS4vCH8IA8mZgACuSLAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfn07LXEa+z6T\/E9ZYq7dujf0mTIUERohITz4bJ+UFFQUQEAEFFU0dQVUJTQQAEJrOqRoL2C8mDJCug2GRL7DZEeLh\/DiKPC8U53YevJ1St97\/n1O3WVlHR7Qa7szYRugw02wmWmX9ymFGjw8kjJ0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093494644,"flow_last_seen":1649093494644,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093494644,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":35778,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093494644,"flow_last_seen":1649093494644,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093494644,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":35778,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1649093494645,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093494645,"pkt":"eJS0JASgYDjgxTWgCABFoAEGH0VAAD8RTgTAqAJkaKahS4vCH8IA8mZgACuSLAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfn07LXEa+z6T\/E9ZYq7dujf0mTIUERohITz4bJ+UFFQUQEAEFFU0dQVUJTQQAEJrOqRoL2C8mDJCug2GRL7DZEeLh\/DiKPC8U53YevJ1St97\/n1O3WVlHR7Qa7szYRugw02wmWmX9ymFGjw8kjJ0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1649093494645,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093494645,"pkt":"eJS0JASgYDjgxTWgCABFoAEGH0ZAAD8RTgPAqAJkaKahS4vCH8IA8mZgACuSLAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfn07LXEa+z6T\/E9ZYq7dujf0mTIUERohITz4bJ+UFFQUQEAEFFU0dQVUJTQQAEJrOqRoL2C8mDJCug2GRL7DZEeLh\/DiKPC8U53YevJ1St97\/n1O3WVlHR7Qa7szYRugw02wmWmX9ymFGjw8kjJ0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093570648,"flow_last_seen":1649093570648,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093570648,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093570648,"flow_last_seen":1649093570648,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093570648,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1649093570648,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093570648,"pkt":"eJS0JASgYDjgxTWgCABFoAEGJH1AAD8RSMzAqAJkaKahS6xjH8IA8k05ANAoVwAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJgzwLO118m5jESf7QcIh4cU1PAqig4J5CIcJJMIfUFFQUQEAEFFU0dQVUJTQQAE+h\/883r3ClVOi4mwokX05oI0DTLyHRc+Mg2zHhwRMHf\/CFZX2CC3hDi1u5H1Ke3ya+pJgSnx8FOJ6Sw76hdLj0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093570648,"flow_last_seen":1649093570648,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093570648,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093570648,"flow_last_seen":1649093570648,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093570648,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1649093570648,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093570648,"pkt":"eJS0JASgYDjgxTWgCABFoAEGJH5AAD8RSMvAqAJkaKahS6xjH8IA8k05ANAoVwAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJgzwLO118m5jESf7QcIh4cU1PAqig4J5CIcJJMIfUFFQUQEAEFFU0dQVUJTQQAE+h\/883r3ClVOi4mwokX05oI0DTLyHRc+Mg2zHhwRMHf\/CFZX2CC3hDi1u5H1Ke3ya+pJgSnx8FOJ6Sw76hdLj0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1649093570648,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093570648,"pkt":"eJS0JASgYDjgxTWgCABFoAEGJH9AAD8RSMrAqAJkaKahS6xjH8IA8k05ANAoVwAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJgzwLO118m5jESf7QcIh4cU1PAqig4J5CIcJJMIfUFFQUQEAEFFU0dQVUJTQQAE+h\/883r3ClVOi4mwokX05oI0DTLyHRc+Mg2zHhwRMHf\/CFZX2CC3hDi1u5H1Ke3ya+pJgSnx8FOJ6Sw76hdLj0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093575787,"flow_last_seen":1649093575787,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093575787,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.19","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093575787,"flow_last_seen":1649093575787,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093575787,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.19","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1649093575787,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093575787,"pkt":"eJS0JASgYDjgxTWgCABFoAEGb9BAAD8R\/bDAqAJkaKahE6xjH8IA8jq3ADeIqAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTE5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJg4GW0AOb4miWYrD79V3dp03Avt7TH5wg+CXWI7wUFFQUQEAEFFU0dQVUJTQQAEjCK+WoT2o97rehkI3TG55IXFgAabPHd4hAmu5nn67YI3raymU5Wjq30alJlITK96tt+JtMNgvpxcYqAphTU6mUtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093575787,"flow_last_seen":1649093575787,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093575787,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.19","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093575787,"flow_last_seen":1649093575787,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093575787,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.19","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1649093575788,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093575788,"pkt":"eJS0JASgYDjgxTWgCABFoAEGb9FAAD8R\/a\/AqAJkaKahE6xjH8IA8jq3ADeIqAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTE5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJg4GW0AOb4miWYrD79V3dp03Avt7TH5wg+CXWI7wUFFQUQEAEFFU0dQVUJTQQAEjCK+WoT2o97rehkI3TG55IXFgAabPHd4hAmu5nn67YI3raymU5Wjq30alJlITK96tt+JtMNgvpxcYqAphTU6mUtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1649093575788,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093575788,"pkt":"eJS0JASgYDjgxTWgCABFoAEGb9JAAD8R\/a7AqAJkaKahE6xjH8IA8jq3ADeIqAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTE5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJg4GW0AOb4miWYrD79V3dp03Avt7TH5wg+CXWI7wUFFQUQEAEFFU0dQVUJTQQAEjCK+WoT2o97rehkI3TG55IXFgAabPHd4hAmu5nn67YI3raymU5Wjq30alJlITK96tt+JtMNgvpxcYqAphTU6mUtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093580792,"flow_last_seen":1649093580792,"flow_idle_time":200000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":0,"thread_ts_msec":1649093580792,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.77.66","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093580792,"flow_last_seen":1649093580792,"flow_idle_time":200000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"midstream":0,"thread_ts_msec":1649093580792,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.77.66","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1649093580792,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_msec":1649093580792,"pkt":"eJS0JASgYDjgxTWgCABFoAEDlPVAAD8RFQXAqAJkgAFNQqxjH8IA73jXAJl4HQAAIQAAAAAABFNOSQAZADEyOC0xLTc3LTY2LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJg90n6PIHuGl\/eNNcAGtWbljeiinpOBz\/8f6Thq1EFFQUQEAEFFU0dQVUJTQQAE4fteiUHAa3vScKrQ7k6uVwHTk73GWGrTdxZ5NRX5jjFw27S+1Fe\/4HWIj\/MeCLdpKQNrrdCTyFKV0x0L6QsHDEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093580792,"flow_last_seen":1649093580792,"flow_idle_time":200000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":0,"thread_ts_msec":1649093580792,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.77.66","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093580792,"flow_last_seen":1649093580792,"flow_idle_time":200000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"midstream":0,"thread_ts_msec":1649093580792,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.77.66","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1649093580793,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_msec":1649093580793,"pkt":"eJS0JASgYDjgxTWgCABFoAEDlPZAAD8RFQTAqAJkgAFNQqxjH8IA73jXAJl4HQAAIQAAAAAABFNOSQAZADEyOC0xLTc3LTY2LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJg90n6PIHuGl\/eNNcAGtWbljeiinpOBz\/8f6Thq1EFFQUQEAEFFU0dQVUJTQQAE4fteiUHAa3vScKrQ7k6uVwHTk73GWGrTdxZ5NRX5jjFw27S+1Fe\/4HWIj\/MeCLdpKQNrrdCTyFKV0x0L6QsHDEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1649093580793,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_msec":1649093580793,"pkt":"eJS0JASgYDjgxTWgCABFoAEDlPdAAD8RFQPAqAJkgAFNQqxjH8IA73jXAJl4HQAAIQAAAAAABFNOSQAZADEyOC0xLTc3LTY2LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJg90n6PIHuGl\/eNNcAGtWbljeiinpOBz\/8f6Thq1EFFQUQEAEFFU0dQVUJTQQAE4fteiUHAa3vScKrQ7k6uVwHTk73GWGrTdxZ5NRX5jjFw27S+1Fe\/4HWIj\/MeCLdpKQNrrdCTyFKV0x0L6QsHDEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093640794,"flow_last_seen":1649093640794,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093640794,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093640794,"flow_last_seen":1649093640794,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093640794,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1649093640794,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093640794,"pkt":"eJS0JASgYDjgxTWgCABFoAEG+itAAD8RqmPAqAJkF\/i6s6xjH8IA8v\/kAJCYkAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJh5RjvoT8nXWQoTczbqfuCTWtSWIxMM71dLXfMImkFFQUQEAEFFU0dQVUJTQQAEo1EDK0BV7P7bdQLDfP5fh7OnOsU36QmWzSAbWPLojMYYoxcRozYKWIUqAOqOVU9JKdnROu06m38bLWdrLI75sktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093640794,"flow_last_seen":1649093640794,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093640794,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093640794,"flow_last_seen":1649093640794,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093640794,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1649093640794,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093640794,"pkt":"eJS0JASgYDjgxTWgCABFoAEG+ixAAD8RqmLAqAJkF\/i6s6xjH8IA8v\/kAJCYkAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJh5RjvoT8nXWQoTczbqfuCTWtSWIxMM71dLXfMImkFFQUQEAEFFU0dQVUJTQQAEo1EDK0BV7P7bdQLDfP5fh7OnOsU36QmWzSAbWPLojMYYoxcRozYKWIUqAOqOVU9JKdnROu06m38bLWdrLI75sktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1649093640794,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093640794,"pkt":"eJS0JASgYDjgxTWgCABFoAEG+i1AAD8RqmHAqAJkF\/i6s6xjH8IA8v\/kAJCYkAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJh5RjvoT8nXWQoTczbqfuCTWtSWIxMM71dLXfMImkFFQUQEAEFFU0dQVUJTQQAEo1EDK0BV7P7bdQLDfP5fh7OnOsU36QmWzSAbWPLojMYYoxcRozYKWIUqAOqOVU9JKdnROu06m38bLWdrLI75sktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093640842,"flow_last_seen":1649093640842,"flow_idle_time":200000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":0,"thread_ts_msec":1649093640842,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":46798,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093640842,"flow_last_seen":1649093640842,"flow_idle_time":200000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"midstream":0,"thread_ts_msec":1649093640842,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":46798,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1649093640842,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":1649093640842,"pkt":"eJS0JASgYDjgxTWgCABFoAD+96lAAD8RrO3AqAJkF\/i6s7bOH8IA6rDHAE8OHQAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfnlO0oTMjFpPQok0BeNgyMsfWK6tyRBP6qOIuGb0FFQUQEAEFFU0dQVUJTQQAEAmWTpv00Mu9s9eHO9YKHmJzM0p0SEfRhaw\/S2nD2he9vNE4MilAXm44Pd9F9VdBkmWwGneaYgayG992+Tfg\/xEtFWFMEAFAyNTZDQ1JUIAD\/l8GP5RGYHxKUln7foXlIqEex7RofPmJwbQTGCLgnmQ=="}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093640842,"flow_last_seen":1649093640842,"flow_idle_time":200000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":0,"thread_ts_msec":1649093640842,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":46798,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093640842,"flow_last_seen":1649093640842,"flow_idle_time":200000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"midstream":0,"thread_ts_msec":1649093640842,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":46798,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1649093640842,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":1649093640842,"pkt":"eJS0JASgYDjgxTWgCABFoAD+96pAAD8RrOzAqAJkF\/i6s7bOH8IA6rDHAE8OHQAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfnlO0oTMjFpPQok0BeNgyMsfWK6tyRBP6qOIuGb0FFQUQEAEFFU0dQVUJTQQAEAmWTpv00Mu9s9eHO9YKHmJzM0p0SEfRhaw\/S2nD2he9vNE4MilAXm44Pd9F9VdBkmWwGneaYgayG992+Tfg\/xEtFWFMEAFAyNTZDQ1JUIAD\/l8GP5RGYHxKUln7foXlIqEex7RofPmJwbQTGCLgnmQ=="}
00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1649093640842,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":1649093640842,"pkt":"eJS0JASgYDjgxTWgCABFoAD+96tAAD8RrOvAqAJkF\/i6s7bOH8IA6rDHAE8OHQAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfnlO0oTMjFpPQok0BeNgyMsfWK6tyRBP6qOIuGb0FFQUQEAEFFU0dQVUJTQQAEAmWTpv00Mu9s9eHO9YKHmJzM0p0SEfRhaw\/S2nD2he9vNE4MilAXm44Pd9F9VdBkmWwGneaYgayG992+Tfg\/xEtFWFMEAFAyNTZDQ1JUIAD\/l8GP5RGYHxKUln7foXlIqEex7RofPmJwbQTGCLgnmQ=="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093710805,"flow_last_seen":1649093710805,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093710805,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093710805,"flow_last_seen":1649093710805,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093710805,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1649093710805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093710805,"pkt":"eJS0JASgYDjgxTWgCABFoAEGsJpAAD8R8\/PAqAJkF\/i6tKxjH8IA8uctAM5VpAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJi\/yhYl+4tFxfRy\/hjYWvCs3sWcLaw7yUyJriC7EkFFQUQEAEFFU0dQVUJTQQAEvd1t+W9UAMlutRwaUc3brStpNzMotBC8tKv3ozdxhPxlu+KeK3Ixnyt4Iph078ycHtNzhwl8N0HwbJs1Xqgd6EtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093710805,"flow_last_seen":1649093710805,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093710805,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093710805,"flow_last_seen":1649093710805,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093710805,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1649093710806,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093710806,"pkt":"eJS0JASgYDjgxTWgCABFoAEGsJtAAD8R8\/LAqAJkF\/i6tKxjH8IA8uctAM5VpAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJi\/yhYl+4tFxfRy\/hjYWvCs3sWcLaw7yUyJriC7EkFFQUQEAEFFU0dQVUJTQQAEvd1t+W9UAMlutRwaUc3brStpNzMotBC8tKv3ozdxhPxlu+KeK3Ixnyt4Iph078ycHtNzhwl8N0HwbJs1Xqgd6EtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1649093710806,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093710806,"pkt":"eJS0JASgYDjgxTWgCABFoAEGsJxAAD8R8\/HAqAJkF\/i6tKxjH8IA8uctAM5VpAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJi\/yhYl+4tFxfRy\/hjYWvCs3sWcLaw7yUyJriC7EkFFQUQEAEFFU0dQVUJTQQAEvd1t+W9UAMlutRwaUc3brStpNzMotBC8tKv3ozdxhPxlu+KeK3Ixnyt4Iph078ycHtNzhwl8N0HwbJs1Xqgd6EtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093494644,"flow_last_seen":1649093494689,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3169,"flow_avg_l4_payload_len":211,"midstream":0,"thread_ts_msec":1649093710879,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093494350,"flow_last_seen":1649093494400,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3169,"flow_avg_l4_payload_len":211,"midstream":0,"thread_ts_msec":1649093710879,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649093494644,"flow_last_seen":1649093494689,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3169,"midstream":0,"thread_ts_msec":1649093710879,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649093494350,"flow_last_seen":1649093494400,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3169,"midstream":0,"thread_ts_msec":1649093710879,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":29232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":8,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_msec":1649098069656}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098069656,"flow_last_seen":1649098069656,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098069656,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098069656,"flow_last_seen":1649098069656,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098069656,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1649098069656,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098069656,"pkt":"eJS0JASgYDjgxTWgCABFoAEGneRAAD8RBqvAqAJkF\/i6s53JH8IA8s3FANAqagAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXiddqZ56BOXneEQ4mP388RlUbMx7s0KlWJgk5kvEFFQUQEAEFFU0dQVUJTQQAE2i0ZP5UqhloJODTaOh+IlYI+UqEvQtfYePDLs+DPY\/wb\/ex7kxsKDZa0UBpqtKFPW3cONzQvrgAKQsaxWmXF50tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098069656,"flow_last_seen":1649098069656,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098069656,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098069656,"flow_last_seen":1649098069656,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098069656,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1649098069656,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098069656,"pkt":"eJS0JASgYDjgxTWgCABFoAEGneVAAD8RBqrAqAJkF\/i6s53JH8IA8s3FANAqagAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXiddqZ56BOXneEQ4mP388RlUbMx7s0KlWJgk5kvEFFQUQEAEFFU0dQVUJTQQAE2i0ZP5UqhloJODTaOh+IlYI+UqEvQtfYePDLs+DPY\/wb\/ex7kxsKDZa0UBpqtKFPW3cONzQvrgAKQsaxWmXF50tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1649098069656,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098069656,"pkt":"eJS0JASgYDjgxTWgCABFoAEGneZAAD8RBqnAqAJkF\/i6s53JH8IA8s3FANAqagAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXiddqZ56BOXneEQ4mP388RlUbMx7s0KlWJgk5kvEFFQUQEAEFFU0dQVUJTQQAE2i0ZP5UqhloJODTaOh+IlYI+UqEvQtfYePDLs+DPY\/wb\/ex7kxsKDZa0UBpqtKFPW3cONzQvrgAKQsaxWmXF50tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098069706,"flow_last_seen":1649098069706,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098069706,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47453,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098069706,"flow_last_seen":1649098069706,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098069706,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47453,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1649098069706,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098069706,"pkt":"eJS0JASgYDjgxTWgCABFoAEGnXhAAD8RBxfAqAJkF\/i6s7ldH8IA8lBqANlPMQAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXhQpGxSUTlZVVzRgedZI3rLw+yxzMMdRjhd4IxCkFFQUQEAEFFU0dQVUJTQQAEzTSboCt7FM6A6woBSDA6BXje0FytH\/VlmqM5WAGn1G0SDjb8WsY2P509Oy+4jMINQREZeQEsu3l+MyWzK1mwlUtFWFMEAFAyNTZDQ1JUKADZFgkMuGiQFv+XwY\/lEZgfEpSWft+heUioR7HtGh8+YnBtBMYIuCeZ"}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098069706,"flow_last_seen":1649098069706,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098069706,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47453,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098069706,"flow_last_seen":1649098069706,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098069706,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47453,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1649098069706,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098069706,"pkt":"eJS0JASgYDjgxTWgCABFoAEGnXlAAD8RBxbAqAJkF\/i6s7ldH8IA8lBqANlPMQAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXhQpGxSUTlZVVzRgedZI3rLw+yxzMMdRjhd4IxCkFFQUQEAEFFU0dQVUJTQQAEzTSboCt7FM6A6woBSDA6BXje0FytH\/VlmqM5WAGn1G0SDjb8WsY2P509Oy+4jMINQREZeQEsu3l+MyWzK1mwlUtFWFMEAFAyNTZDQ1JUKADZFgkMuGiQFv+XwY\/lEZgfEpSWft+heUioR7HtGh8+YnBtBMYIuCeZ"}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1649098069706,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098069706,"pkt":"eJS0JASgYDjgxTWgCABFoAEGnXpAAD8RBxXAqAJkF\/i6s7ldH8IA8lBqANlPMQAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXhQpGxSUTlZVVzRgedZI3rLw+yxzMMdRjhd4IxCkFFQUQEAEFFU0dQVUJTQQAEzTSboCt7FM6A6woBSDA6BXje0FytH\/VlmqM5WAGn1G0SDjb8WsY2P509Oy+4jMINQREZeQEsu3l+MyWzK1mwlUtFWFMEAFAyNTZDQ1JUKADZFgkMuGiQFv+XwY\/lEZgfEpSWft+heUioR7HtGh8+YnBtBMYIuCeZ"}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098070259,"flow_last_seen":1649098070259,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098070259,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098070259,"flow_last_seen":1649098070259,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098070259,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1649098070259,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098070259,"pkt":"eJS0JASgYDjgxTWgCABFoAEGcMpAAD8R\/H7AqAJkaKahS53JH8IA8s+NAEgoZgAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXixWqIu8Gcf4dKl8YbY6ScLHaeEVhZsgcXNXy8JkFFQUQEAEFFU0dQVUJTQQAEW9tpqQFA11\/RBrZKZfvLqZo+b7pqhtn0DCWx+rfbK0RhV3SjA4EIMBkWWjSgD3I+lMSTJETgvPJiu1gt5j6GSEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098070259,"flow_last_seen":1649098070259,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098070259,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098070259,"flow_last_seen":1649098070259,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098070259,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1649098070260,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098070260,"pkt":"eJS0JASgYDjgxTWgCABFoAEGcMtAAD8R\/H3AqAJkaKahS53JH8IA8s+NAEgoZgAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXixWqIu8Gcf4dKl8YbY6ScLHaeEVhZsgcXNXy8JkFFQUQEAEFFU0dQVUJTQQAEW9tpqQFA11\/RBrZKZfvLqZo+b7pqhtn0DCWx+rfbK0RhV3SjA4EIMBkWWjSgD3I+lMSTJETgvPJiu1gt5j6GSEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1649098070260,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098070260,"pkt":"eJS0JASgYDjgxTWgCABFoAEGcMxAAD8R\/HzAqAJkaKahS53JH8IA8s+NAEgoZgAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXixWqIu8Gcf4dKl8YbY6ScLHaeEVhZsgcXNXy8JkFFQUQEAEFFU0dQVUJTQQAEW9tpqQFA11\/RBrZKZfvLqZo+b7pqhtn0DCWx+rfbK0RhV3SjA4EIMBkWWjSgD3I+lMSTJETgvPJiu1gt5j6GSEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093575787,"flow_last_seen":1649093575878,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":2971,"flow_avg_l4_payload_len":198,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.19","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093570648,"flow_last_seen":1649093570772,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":944,"flow_tot_l4_payload_len":4016,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093710805,"flow_last_seen":1649093710879,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3070,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093640794,"flow_last_seen":1649093640842,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3143,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093580792,"flow_last_seen":1649093580849,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3272,"flow_avg_l4_payload_len":218,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.77.66","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093640842,"flow_last_seen":1649093640842,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":1219,"flow_tot_l4_payload_len":6422,"flow_avg_l4_payload_len":428,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":46798,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098089567,"flow_last_seen":1649098089567,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098089567,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":5,"flow_first_seen":1649093575787,"flow_last_seen":1649093575878,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":2971,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.19","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649093570648,"flow_last_seen":1649093570772,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":944,"flow_tot_l4_payload_len":4016,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1649093710805,"flow_last_seen":1649093710879,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3070,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649093640794,"flow_last_seen":1649093640842,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3143,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649093580792,"flow_last_seen":1649093580849,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3272,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.77.66","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1649093640842,"flow_last_seen":1649093640842,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":1219,"flow_tot_l4_payload_len":6422,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":46798,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098089567,"flow_last_seen":1649098089567,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098089567,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1649098089567,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098089567,"pkt":"eJS0JASgYDjgxTWgCABFoAEGfpRAAD8R7rTAqAJkaKahS9gaH8IA8rfKAGAtlAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKX2UCEar3dNMPGtldPVRNmQ34X8ajeoM6TdWbZjDkFFQUQEAEFFU0dQVUJTQQAE6Cg10bM\/s1\/AQlysPUPvJxLM50KHpzktiZkWalUHk9iQoPekmRbdl\/zw\/WgmvM4RvbCndAgYzXUOxjChVG3pIktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098089567,"flow_last_seen":1649098089567,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098089567,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098089567,"flow_last_seen":1649098089567,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098089567,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1649098089567,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098089567,"pkt":"eJS0JASgYDjgxTWgCABFoAEGfpVAAD8R7rPAqAJkaKahS9gaH8IA8rfKAGAtlAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKX2UCEar3dNMPGtldPVRNmQ34X8ajeoM6TdWbZjDkFFQUQEAEFFU0dQVUJTQQAE6Cg10bM\/s1\/AQlysPUPvJxLM50KHpzktiZkWalUHk9iQoPekmRbdl\/zw\/WgmvM4RvbCndAgYzXUOxjChVG3pIktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1649098089567,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098089567,"pkt":"eJS0JASgYDjgxTWgCABFoAEGfpZAAD8R7rLAqAJkaKahS9gaH8IA8rfKAGAtlAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKX2UCEar3dNMPGtldPVRNmQ34X8ajeoM6TdWbZjDkFFQUQEAEFFU0dQVUJTQQAE6Cg10bM\/s1\/AQlysPUPvJxLM50KHpzktiZkWalUHk9iQoPekmRbdl\/zw\/WgmvM4RvbCndAgYzXUOxjChVG3pIktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098094676,"flow_last_seen":1649098094676,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098094676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.233.218","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098094676,"flow_last_seen":1649098094676,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098094676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.233.218","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1649098094676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098094676,"pkt":"eJS0JASgYDjgxTWgCABFoAEFnadAAD8Rb7jAqAJkgAHp2tgaH8IA8ZNOAIvfcAAAIQAAAAAABFNOSQAbADEyOC0xLTIzMy0yMTguZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAApfs6FeucFt3UJmlHV\/+qfWl4ZO66hJe2FMaw985tQUVBRAQAQUVTR1BVQlNBAASl7alnNwBac\/EM8\/e3OTwxYjqU4L8L+DfMIlwLYBmF2RVcj8IsWMZ8xtI3LcXYd4rg7aVow0QpJr1ImfC\/7ik+S0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098094676,"flow_last_seen":1649098094676,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098094676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.233.218","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098094676,"flow_last_seen":1649098094676,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098094676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.233.218","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1649098094676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098094676,"pkt":"eJS0JASgYDjgxTWgCABFoAEFnahAAD8Rb7fAqAJkgAHp2tgaH8IA8ZNOAIvfcAAAIQAAAAAABFNOSQAbADEyOC0xLTIzMy0yMTguZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAApfs6FeucFt3UJmlHV\/+qfWl4ZO66hJe2FMaw985tQUVBRAQAQUVTR1BVQlNBAASl7alnNwBac\/EM8\/e3OTwxYjqU4L8L+DfMIlwLYBmF2RVcj8IsWMZ8xtI3LcXYd4rg7aVow0QpJr1ImfC\/7ik+S0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1649098094676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098094676,"pkt":"eJS0JASgYDjgxTWgCABFoAEFnalAAD8Rb7bAqAJkgAHp2tgaH8IA8ZNOAIvfcAAAIQAAAAAABFNOSQAbADEyOC0xLTIzMy0yMTguZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAApfs6FeucFt3UJmlHV\/+qfWl4ZO66hJe2FMaw985tQUVBRAQAQUVTR1BVQlNBAASl7alnNwBac\/EM8\/e3OTwxYjqU4L8L+DfMIlwLYBmF2RVcj8IsWMZ8xtI3LcXYd4rg7aVow0QpJr1ImfC\/7ik+S0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098129676,"flow_last_seen":1649098129676,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098129676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.118.52.182","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098129676,"flow_last_seen":1649098129676,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098129676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.118.52.182","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1649098129676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098129676,"pkt":"eJS0JASgYDjgxTWgCABFoAEG8ltAAD8RjrLAqAJkwXY0ttgaH8IA8j0KAHm3rAAAIQAAAAAABFNOSQAcADE5My0xMTgtNTItMTgyLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKYe5uMMeslRB3XNb4oIMtxM1Kq4uVO9ATPzLnBeCEFFQUQEAEFFU0dQVUJTQQAEfMIBHrlyhJSJQxs1oKYK9vHZz2ftsZjVFavleGiXwVxs5oZBr4mTdCDKj32Pfmb663V\/iNj2FyPr9qh0qRkaWEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098129676,"flow_last_seen":1649098129676,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098129676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.118.52.182","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098129676,"flow_last_seen":1649098129676,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098129676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.118.52.182","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1649098129676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098129676,"pkt":"eJS0JASgYDjgxTWgCABFoAEG8lxAAD8RjrHAqAJkwXY0ttgaH8IA8j0KAHm3rAAAIQAAAAAABFNOSQAcADE5My0xMTgtNTItMTgyLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKYe5uMMeslRB3XNb4oIMtxM1Kq4uVO9ATPzLnBeCEFFQUQEAEFFU0dQVUJTQQAEfMIBHrlyhJSJQxs1oKYK9vHZz2ftsZjVFavleGiXwVxs5oZBr4mTdCDKj32Pfmb663V\/iNj2FyPr9qh0qRkaWEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1649098129677,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098129677,"pkt":"eJS0JASgYDjgxTWgCABFoAEG8l1AAD8RjrDAqAJkwXY0ttgaH8IA8j0KAHm3rAAAIQAAAAAABFNOSQAcADE5My0xMTgtNTItMTgyLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKYe5uMMeslRB3XNb4oIMtxM1Kq4uVO9ATPzLnBeCEFFQUQEAEFFU0dQVUJTQQAEfMIBHrlyhJSJQxs1oKYK9vHZz2ftsZjVFavleGiXwVxs5oZBr4mTdCDKj32Pfmb663V\/iNj2FyPr9qh0qRkaWEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","packets-captured":211,"packets-processed":210,"total-skipped-flows":0,"total-l4-payload-len":50011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":82,"global_ts_msec":1649098819739}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098069706,"flow_last_seen":1649098069706,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3368,"flow_avg_l4_payload_len":224,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47453,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098094676,"flow_last_seen":1649098094756,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.233.218","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098070259,"flow_last_seen":1649098070310,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3300,"flow_avg_l4_payload_len":220,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098069656,"flow_last_seen":1649098069706,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":818,"flow_tot_l4_payload_len":3732,"flow_avg_l4_payload_len":248,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098129676,"flow_last_seen":1649098129719,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3245,"flow_avg_l4_payload_len":216,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.118.52.182","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1649098089567,"flow_last_seen":1649098819802,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":944,"flow_tot_l4_payload_len":7165,"flow_avg_l4_payload_len":238,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098849713,"flow_last_seen":1649098849713,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098849713,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098069706,"flow_last_seen":1649098069706,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3368,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47453,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1649098094676,"flow_last_seen":1649098094756,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3114,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.233.218","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098070259,"flow_last_seen":1649098070310,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3300,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098069656,"flow_last_seen":1649098069706,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":818,"flow_tot_l4_payload_len":3732,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098129676,"flow_last_seen":1649098129719,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3245,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.118.52.182","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00699{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":6,"flow_first_seen":1649098089567,"flow_last_seen":1649098819802,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":944,"flow_tot_l4_payload_len":7165,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098849713,"flow_last_seen":1649098849713,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098849713,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1649098849713,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098849713,"pkt":"eJS0JASgYDjgxTWgCABFoAEFjY5AAD8Rp8zAqAJkgAHB39gaH8IA8ZWbALrcNQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAAqO653g\/hCRLYJiWr5HwhPLNmBmFf1jZ6sWoE3wYWQUVBRAQAQUVTR1BVQlNBAAShXWD9bdPdTqNRd9XnrAbDYLUfMQlth+FXkrmXNCnpwnaRd1+zUbpvZZqEZL8R\/FHgoWlN8+rWWaa4DpcfkLsbS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098849713,"flow_last_seen":1649098849713,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098849713,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098849713,"flow_last_seen":1649098849713,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098849713,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1649098849713,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098849713,"pkt":"eJS0JASgYDjgxTWgCABFoAEFjY9AAD8Rp8vAqAJkgAHB39gaH8IA8ZWbALrcNQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAAqO653g\/hCRLYJiWr5HwhPLNmBmFf1jZ6sWoE3wYWQUVBRAQAQUVTR1BVQlNBAAShXWD9bdPdTqNRd9XnrAbDYLUfMQlth+FXkrmXNCnpwnaRd1+zUbpvZZqEZL8R\/FHgoWlN8+rWWaa4DpcfkLsbS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1649098849714,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098849714,"pkt":"eJS0JASgYDjgxTWgCABFoAEFjZBAAD8Rp8rAqAJkgAHB39gaH8IA8ZWbALrcNQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAAqO653g\/hCRLYJiWr5HwhPLNmBmFf1jZ6sWoE3wYWQUVBRAQAQUVTR1BVQlNBAAShXWD9bdPdTqNRd9XnrAbDYLUfMQlth+FXkrmXNCnpwnaRd1+zUbpvZZqEZL8R\/FHgoWlN8+rWWaa4DpcfkLsbS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098879720,"flow_last_seen":1649098879720,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098879720,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098879720,"flow_last_seen":1649098879720,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098879720,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1649098879720,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098879720,"pkt":"eJS0JASgYDjgxTWgCABFoAEGd\/pAAD8RLJTAqAJkF\/i6tNgaH8IA8lmLAAvF0QAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKkMl1gIyv+w78yvVi1\/kuox+eyErqTnp6Gof+weXkFFQUQEAEFFU0dQVUJTQQAEARJ6wuFU0FclpuLErlZIBuYOHSiMTxKbnkNZkTr3XWhuScUrr\/UN5B3XPbFSiNGAO2v5lJKJeGbxaqRfZNKmhUtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098879720,"flow_last_seen":1649098879720,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098879720,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098879720,"flow_last_seen":1649098879720,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098879720,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1649098879721,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098879721,"pkt":"eJS0JASgYDjgxTWgCABFoAEGd\/tAAD8RLJPAqAJkF\/i6tNgaH8IA8lmLAAvF0QAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKkMl1gIyv+w78yvVi1\/kuox+eyErqTnp6Gof+weXkFFQUQEAEFFU0dQVUJTQQAEARJ6wuFU0FclpuLErlZIBuYOHSiMTxKbnkNZkTr3XWhuScUrr\/UN5B3XPbFSiNGAO2v5lJKJeGbxaqRfZNKmhUtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1649098879721,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098879721,"pkt":"eJS0JASgYDjgxTWgCABFoAEGd\/xAAD8RLJLAqAJkF\/i6tNgaH8IA8lmLAAvF0QAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKkMl1gIyv+w78yvVi1\/kuox+eyErqTnp6Gof+weXkFFQUQEAEFFU0dQVUJTQQAEARJ6wuFU0FclpuLErlZIBuYOHSiMTxKbnkNZkTr3XWhuScUrr\/UN5B3XPbFSiNGAO2v5lJKJeGbxaqRfZNKmhUtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098909723,"flow_last_seen":1649098909723,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098909723,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098909723,"flow_last_seen":1649098909723,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098909723,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1649098909723,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098909723,"pkt":"eJS0JASgYDjgxTWgCABFoAEFGSNAAD8RHDfAqAJkgAHB4NgaH8IA8W8oABnDswAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjQuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAAqSoMe28oLnTDTmFeZOxmr5z18RrVGKy0+BCCWv+4QUVBRAQAQUVTR1BVQlNBAARSVYAJA6zdDWRpxM9St9qL6qOzgsZyDxIhgwJn+9A1PzyRNecioV1qTytu3xhK7heOGRXDffzXhEsFb1T6Y89aS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098909723,"flow_last_seen":1649098909723,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098909723,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098909723,"flow_last_seen":1649098909723,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098909723,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1649098909723,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098909723,"pkt":"eJS0JASgYDjgxTWgCABFoAEFGSRAAD8RHDbAqAJkgAHB4NgaH8IA8W8oABnDswAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjQuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAAqSoMe28oLnTDTmFeZOxmr5z18RrVGKy0+BCCWv+4QUVBRAQAQUVTR1BVQlNBAARSVYAJA6zdDWRpxM9St9qL6qOzgsZyDxIhgwJn+9A1PzyRNecioV1qTytu3xhK7heOGRXDffzXhEsFb1T6Y89aS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1649098909724,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098909724,"pkt":"eJS0JASgYDjgxTWgCABFoAEFGSVAAD8RHDXAqAJkgAHB4NgaH8IA8W8oABnDswAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjQuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAAqSoMe28oLnTDTmFeZOxmr5z18RrVGKy0+BCCWv+4QUVBRAQAQUVTR1BVQlNBAARSVYAJA6zdDWRpxM9St9qL6qOzgsZyDxIhgwJn+9A1PzyRNecioV1qTytu3xhK7heOGRXDffzXhEsFb1T6Y89aS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649099059734,"flow_last_seen":1649099059734,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649099059734,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649099059734,"flow_last_seen":1649099059734,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649099059734,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1649099059734,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649099059734,"pkt":"eJS0JASgYDjgxTWgCABFoAEGCvBAAD8RmZ\/AqAJkF\/i6s9gaH8IA8sWMAKdi5wAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKnA1WVsO9r1ChMt0XY1\/s7+bxVQZKY84CKBGHuirkFFQUQEAEFFU0dQVUJTQQAEwPE37Uh0C9lVLegJsesdDFxpMXWkUMh\/zYukPvJ8bBbb4hy1zyNJBepECcuZCiPlqG+1po4g9g26rcDODuBErktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649099059734,"flow_last_seen":1649099059734,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649099059734,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649099059734,"flow_last_seen":1649099059734,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649099059734,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1649099059734,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649099059734,"pkt":"eJS0JASgYDjgxTWgCABFoAEGCvFAAD8RmZ7AqAJkF\/i6s9gaH8IA8sWMAKdi5wAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKnA1WVsO9r1ChMt0XY1\/s7+bxVQZKY84CKBGHuirkFFQUQEAEFFU0dQVUJTQQAEwPE37Uh0C9lVLegJsesdDFxpMXWkUMh\/zYukPvJ8bBbb4hy1zyNJBepECcuZCiPlqG+1po4g9g26rcDODuBErktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1649099059734,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649099059734,"pkt":"eJS0JASgYDjgxTWgCABFoAEGCvJAAD8RmZ3AqAJkF\/i6s9gaH8IA8sWMAKdi5wAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKnA1WVsO9r1ChMt0XY1\/s7+bxVQZKY84CKBGHuirkFFQUQEAEFFU0dQVUJTQQAEwPE37Uh0C9lVLegJsesdDFxpMXWkUMh\/zYukPvJ8bBbb4hy1zyNJBepECcuZCiPlqG+1po4g9g26rcDODuBErktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098879720,"flow_last_seen":1649098879767,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3117,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1649099059780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098849713,"flow_last_seen":1649098849898,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3135,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1649099059780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1649098089567,"flow_last_seen":1649098819802,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":944,"flow_tot_l4_payload_len":7165,"flow_avg_l4_payload_len":238,"midstream":0,"thread_ts_msec":1649099059780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098879720,"flow_last_seen":1649098879767,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3117,"midstream":0,"thread_ts_msec":1649099059780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098849713,"flow_last_seen":1649098849898,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3135,"midstream":0,"thread_ts_msec":1649099059780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":6,"flow_first_seen":1649098089567,"flow_last_seen":1649098819802,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":944,"flow_tot_l4_payload_len":7165,"midstream":0,"thread_ts_msec":1649099059780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","packets-captured":286,"packets-processed":285,"total-skipped-flows":0,"total-l4-payload-len":65673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":112,"global_ts_msec":1649336870173}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336870173,"flow_last_seen":1649336870173,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336870173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336870173,"flow_last_seen":1649336870173,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336870173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1649336870173,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336870173,"pkt":"eJS0JASgYDjgxTWgCABFoAEFneZAAD8Rl3TAqAJkgAHB37q9H8IA8S9\/AAspDQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGFQvya+GSZZFzLP9EmcPktq84Ka2wtV92C\/TcDdPQUVBRAQAQUVTR1BVQlNBAASFAA2pu76c15hPua6baGLo0ixMN8vwRYUqc\/ifFG78vI1pPMSohtWw1XeLlA8Q9eztjAFhjuBR3Q4\/us8bcbydS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336870173,"flow_last_seen":1649336870173,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336870173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336870173,"flow_last_seen":1649336870173,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336870173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1649336870173,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336870173,"pkt":"eJS0JASgYDjgxTWgCABFoAEFnedAAD8Rl3PAqAJkgAHB37q9H8IA8S9\/AAspDQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGFQvya+GSZZFzLP9EmcPktq84Ka2wtV92C\/TcDdPQUVBRAQAQUVTR1BVQlNBAASFAA2pu76c15hPua6baGLo0ixMN8vwRYUqc\/ifFG78vI1pPMSohtWw1XeLlA8Q9eztjAFhjuBR3Q4\/us8bcbydS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1649336870176,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336870176,"pkt":"eJS0JASgYDjgxTWgCABFoAEFnehAAD8Rl3LAqAJkgAHB37q9H8IA8S9\/AAspDQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGFQvya+GSZZFzLP9EmcPktq84Ka2wtV92C\/TcDdPQUVBRAQAQUVTR1BVQlNBAASFAA2pu76c15hPua6baGLo0ixMN8vwRYUqc\/ifFG78vI1pPMSohtWw1XeLlA8Q9eztjAFhjuBR3Q4\/us8bcbydS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336879948,"flow_last_seen":1649336879948,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336879948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"202.226.25.166","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336879948,"flow_last_seen":1649336879948,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336879948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"202.226.25.166","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1649336879948,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336879948,"pkt":"eJS0JASgYDjgxTWgCABFoAEGMi1AAD8RYIXAqAJkyuIZprq9H8IA8k9OANTVMgAAIQAAAAAABFNOSQAcADIwMi0yMjYtMjUtMTY2LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARheVm\/xGNkXAa1xNZ6cn0qvjdWopEZUUWf8s\/f0iUFFQUQEAEFFU0dQVUJTQQAE+soIXAdiUu8GIwli\/IgUTbAepdduPriQYSEeX7rQ80xwWJSYOHpV9skpNpuh2S8GXC5t77JsflyRwRm0127PPktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336879948,"flow_last_seen":1649336879948,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336879948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"202.226.25.166","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336879948,"flow_last_seen":1649336879948,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336879948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"202.226.25.166","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1649336879948,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336879948,"pkt":"eJS0JASgYDjgxTWgCABFoAEGMi5AAD8RYITAqAJkyuIZprq9H8IA8k9OANTVMgAAIQAAAAAABFNOSQAcADIwMi0yMjYtMjUtMTY2LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARheVm\/xGNkXAa1xNZ6cn0qvjdWopEZUUWf8s\/f0iUFFQUQEAEFFU0dQVUJTQQAE+soIXAdiUu8GIwli\/IgUTbAepdduPriQYSEeX7rQ80xwWJSYOHpV9skpNpuh2S8GXC5t77JsflyRwRm0127PPktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1649336879948,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336879948,"pkt":"eJS0JASgYDjgxTWgCABFoAEGMi9AAD8RYIPAqAJkyuIZprq9H8IA8k9OANTVMgAAIQAAAAAABFNOSQAcADIwMi0yMjYtMjUtMTY2LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARheVm\/xGNkXAa1xNZ6cn0qvjdWopEZUUWf8s\/f0iUFFQUQEAEFFU0dQVUJTQQAE+soIXAdiUu8GIwli\/IgUTbAepdduPriQYSEeX7rQ80xwWJSYOHpV9skpNpuh2S8GXC5t77JsflyRwRm0127PPktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":307,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649099059734,"flow_last_seen":1649099059780,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3162,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1649336880100,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":307,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098909723,"flow_last_seen":1649098909909,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3103,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1649336880100,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336894950,"flow_last_seen":1649336894950,"flow_idle_time":200000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1649336894950,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"103.104.168.244","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":307,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649099059734,"flow_last_seen":1649099059780,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3162,"midstream":0,"thread_ts_msec":1649336880100,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":307,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098909723,"flow_last_seen":1649098909909,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3103,"midstream":0,"thread_ts_msec":1649336880100,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336894950,"flow_last_seen":1649336894950,"flow_idle_time":200000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"midstream":0,"thread_ts_msec":1649336894950,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"103.104.168.244","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1649336894950,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_msec":1649336894950,"pkt":"eJS0JASgYDjgxTWgCABFoAEHIDxAAD8RRqHAqAJkZ2io9Lq9H8IA8xyaAPT7iQAAIQAAAAAABFNOSQAdADEwMy0xMDQtMTY4LTI0NC5lZGdlLmFnb3JhLmlvUERNRAAAQ1BUT4EATk9OQyAAAAEYbST35dCSgu\/oSnUR68F1zmWE4lAIXeVnuX\/spWFBRUFEBABBRVNHUFVCU0EABCxrWMSJi3cMLo\/DcWomBJZiLPz9wNFAvUHb5Ktqfn+HKAOaK2+kuXH+Fid9l8Sz2DtqO3av9OcynM+pLX4g3fFLRVhTBABQMjU2Q0NSVCgA\/5fBj+URmB9wbQTGCLgnmdkWCQy4aJAWEpSWft+heUioR7HtGh8+Yg=="}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336894950,"flow_last_seen":1649336894950,"flow_idle_time":200000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1649336894950,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"103.104.168.244","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336894950,"flow_last_seen":1649336894950,"flow_idle_time":200000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"midstream":0,"thread_ts_msec":1649336894950,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"103.104.168.244","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1649336894951,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_msec":1649336894951,"pkt":"eJS0JASgYDjgxTWgCABFoAEHID1AAD8RRqDAqAJkZ2io9Lq9H8IA8xyaAPT7iQAAIQAAAAAABFNOSQAdADEwMy0xMDQtMTY4LTI0NC5lZGdlLmFnb3JhLmlvUERNRAAAQ1BUT4EATk9OQyAAAAEYbST35dCSgu\/oSnUR68F1zmWE4lAIXeVnuX\/spWFBRUFEBABBRVNHUFVCU0EABCxrWMSJi3cMLo\/DcWomBJZiLPz9wNFAvUHb5Ktqfn+HKAOaK2+kuXH+Fid9l8Sz2DtqO3av9OcynM+pLX4g3fFLRVhTBABQMjU2Q0NSVCgA\/5fBj+URmB9wbQTGCLgnmdkWCQy4aJAWEpSWft+heUioR7HtGh8+Yg=="}
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1649336894951,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_msec":1649336894951,"pkt":"eJS0JASgYDjgxTWgCABFoAEHID5AAD8RRp\/AqAJkZ2io9Lq9H8IA8xyaAPT7iQAAIQAAAAAABFNOSQAdADEwMy0xMDQtMTY4LTI0NC5lZGdlLmFnb3JhLmlvUERNRAAAQ1BUT4EATk9OQyAAAAEYbST35dCSgu\/oSnUR68F1zmWE4lAIXeVnuX\/spWFBRUFEBABBRVNHUFVCU0EABCxrWMSJi3cMLo\/DcWomBJZiLPz9wNFAvUHb5Ktqfn+HKAOaK2+kuXH+Fid9l8Sz2DtqO3av9OcynM+pLX4g3fFLRVhTBABQMjU2Q0NSVCgA\/5fBj+URmB9wbQTGCLgnmdkWCQy4aJAWEpSWft+heUioR7HtGh8+Yg=="}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":331,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336897978,"flow_last_seen":1649336897978,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336897978,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"199.190.44.135","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":331,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336897978,"flow_last_seen":1649336897978,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336897978,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"199.190.44.135","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1649336897978,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336897978,"pkt":"eJS0JASgYDjgxTWgCABFoAEGsfxAAD8R0PjAqAJkx74sh7q9H8IA8lE2AGPBagAAIQAAAAAABFNOSQAcADE5OS0xOTAtNDQtMTM1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARhWspSev4bzOG6wPmQQKUboN8Gv4KKtUlkLZKbYgUFFQUQEAEFFU0dQVUJTQQAE\/uPsUJ+bwmSDxeW3DfmCaDuvCSEjPerODHPdU7+ne1r1GiXACFb9BWan+QfnXj1zHCijdF+kn513z2pa56JEA0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336897978,"flow_last_seen":1649336897978,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336897978,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"199.190.44.135","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336897978,"flow_last_seen":1649336897978,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336897978,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"199.190.44.135","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1649336897978,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336897978,"pkt":"eJS0JASgYDjgxTWgCABFoAEGsf1AAD8R0PfAqAJkx74sh7q9H8IA8lE2AGPBagAAIQAAAAAABFNOSQAcADE5OS0xOTAtNDQtMTM1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARhWspSev4bzOG6wPmQQKUboN8Gv4KKtUlkLZKbYgUFFQUQEAEFFU0dQVUJTQQAE\/uPsUJ+bwmSDxeW3DfmCaDuvCSEjPerODHPdU7+ne1r1GiXACFb9BWan+QfnXj1zHCijdF+kn513z2pa56JEA0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1649336897978,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336897978,"pkt":"eJS0JASgYDjgxTWgCABFoAEGsf5AAD8R0PbAqAJkx74sh7q9H8IA8lE2AGPBagAAIQAAAAAABFNOSQAcADE5OS0xOTAtNDQtMTM1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARhWspSev4bzOG6wPmQQKUboN8Gv4KKtUlkLZKbYgUFFQUQEAEFFU0dQVUJTQQAE\/uPsUJ+bwmSDxeW3DfmCaDuvCSEjPerODHPdU7+ne1r1GiXACFb9BWan+QfnXj1zHCijdF+kn513z2pa56JEA0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336954948,"flow_last_seen":1649336954948,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336954948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336954948,"flow_last_seen":1649336954948,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336954948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1649336954948,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336954948,"pkt":"eJS0JASgYDjgxTWgCABFoAEF4wlAAD8RUlDAqAJkgAHB4Lq9H8IA8axfABWxMwAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjQuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGKkp\/CNorO\/XtfrOePWN81A9C9MAoawVdiTlkB5YQUVBRAQAQUVTR1BVQlNBAARS2JQLkIR0s0U+a9LbirTcsZ9Vc9wcY7Rv6+\/oeg89wuq8mG2Fa8SOZxeJGZ5O5HkduxX+YHHWArj227MAvDIiS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336954948,"flow_last_seen":1649336954948,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336954948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336954948,"flow_last_seen":1649336954948,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336954948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1649336954948,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336954948,"pkt":"eJS0JASgYDjgxTWgCABFoAEF4wpAAD8RUk\/AqAJkgAHB4Lq9H8IA8axfABWxMwAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjQuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGKkp\/CNorO\/XtfrOePWN81A9C9MAoawVdiTlkB5YQUVBRAQAQUVTR1BVQlNBAARS2JQLkIR0s0U+a9LbirTcsZ9Vc9wcY7Rv6+\/oeg89wuq8mG2Fa8SOZxeJGZ5O5HkduxX+YHHWArj227MAvDIiS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1649336954949,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336954949,"pkt":"eJS0JASgYDjgxTWgCABFoAEF4wtAAD8RUk7AqAJkgAHB4Lq9H8IA8axfABWxMwAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjQuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGKkp\/CNorO\/XtfrOePWN81A9C9MAoawVdiTlkB5YQUVBRAQAQUVTR1BVQlNBAARS2JQLkIR0s0U+a9LbirTcsZ9Vc9wcY7Rv6+\/oeg89wuq8mG2Fa8SOZxeJGZ5O5HkduxX+YHHWArj227MAvDIiS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336960165,"flow_last_seen":1649336960165,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336960165,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336960165,"flow_last_seen":1649336960165,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336960165,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1649336960165,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336960165,"pkt":"eJS0JASgYDjgxTWgCABFoAEGpW5AAD8R\/yDAqAJkF\/i6s7q9H8IA8oQKAESwUAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARivCCej2aaoROMARk9sMb0XKldVwG681Q77zoC7SEFFQUQEAEFFU0dQVUJTQQAE5YgDI5g5+QGR1stX7QhavuK7KqX6oED0uD4Fc2TkyI7XxLsWQr7+f4R1SzrhxtNatAeysc511jU5dmeO5Y1oxktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336960165,"flow_last_seen":1649336960165,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336960165,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336960165,"flow_last_seen":1649336960165,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336960165,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1649336960166,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336960166,"pkt":"eJS0JASgYDjgxTWgCABFoAEGpW9AAD8R\/x\/AqAJkF\/i6s7q9H8IA8oQKAESwUAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARivCCej2aaoROMARk9sMb0XKldVwG681Q77zoC7SEFFQUQEAEFFU0dQVUJTQQAE5YgDI5g5+QGR1stX7QhavuK7KqX6oED0uD4Fc2TkyI7XxLsWQr7+f4R1SzrhxtNatAeysc511jU5dmeO5Y1oxktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1649336960166,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336960166,"pkt":"eJS0JASgYDjgxTWgCABFoAEGpXBAAD8R\/x7AqAJkF\/i6s7q9H8IA8oQKAESwUAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARivCCej2aaoROMARk9sMb0XKldVwG681Q77zoC7SEFFQUQEAEFFU0dQVUJTQQAE5YgDI5g5+QGR1stX7QhavuK7KqX6oED0uD4Fc2TkyI7XxLsWQr7+f4R1SzrhxtNatAeysc511jU5dmeO5Y1oxktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336960225,"flow_last_seen":1649336960225,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336960225,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55094,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336960225,"flow_last_seen":1649336960225,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336960225,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55094,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1649336960225,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336960225,"pkt":"eJS0JASgYDjgxTWgCABFoAEFndlAAD8Rl4HAqAJkgAHB39c2H8IA8ZOLAOX2hQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGFS\/AsDN3E0MNs1Tty30iNlSbZLZAsCEHJVAePrqQUVBRAQAQUVTR1BVQlNBAAQqYroImCQdoRbDik\/ymuTlszSH0nDax6AHnZ1weDXnkcuKbi1RntRVdWy9AbKpXFvYI3K9BK3zZkKCIaTC3smwS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336960225,"flow_last_seen":1649336960225,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336960225,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55094,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336960225,"flow_last_seen":1649336960225,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336960225,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55094,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1649336960225,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336960225,"pkt":"eJS0JASgYDjgxTWgCABFoAEFndpAAD8Rl4DAqAJkgAHB39c2H8IA8ZOLAOX2hQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGFS\/AsDN3E0MNs1Tty30iNlSbZLZAsCEHJVAePrqQUVBRAQAQUVTR1BVQlNBAAQqYroImCQdoRbDik\/ymuTlszSH0nDax6AHnZ1weDXnkcuKbi1RntRVdWy9AbKpXFvYI3K9BK3zZkKCIaTC3smwS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1649336960225,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336960225,"pkt":"eJS0JASgYDjgxTWgCABFoAEFndtAAD8Rl3\/AqAJkgAHB39c2H8IA8ZOLAOX2hQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGFS\/AsDN3E0MNs1Tty30iNlSbZLZAsCEHJVAePrqQUVBRAQAQUVTR1BVQlNBAAQqYroImCQdoRbDik\/ymuTlszSH0nDax6AHnZ1weDXnkcuKbi1RntRVdWy9AbKpXFvYI3K9BK3zZkKCIaTC3smwS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336965165,"flow_last_seen":1649336965165,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336965165,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336965165,"flow_last_seen":1649336965165,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336965165,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1649336965165,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336965165,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFRAAD8RpDrAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336965165,"flow_last_seen":1649336965165,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336965165,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336965165,"flow_last_seen":1649336965165,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336965165,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1649336965165,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336965165,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFVAAD8RpDnAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1649336965166,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336965166,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFZAAD8RpDjAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","packets-captured":401,"packets-processed":400,"total-skipped-flows":0,"total-l4-payload-len":94737,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":1,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":155,"global_ts_msec":1649337802272}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1649336960225,"flow_last_seen":1649336960225,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":498,"flow_tot_l4_payload_len":4167,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55094,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1649336897978,"flow_last_seen":1649337802273,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":4212,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"199.190.44.135","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336965165,"flow_last_seen":1649336968493,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":3510,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336960165,"flow_last_seen":1649336960225,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3290,"flow_avg_l4_payload_len":219,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336894950,"flow_last_seen":1649336897978,"flow_idle_time":200000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":3525,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"103.104.168.244","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336954948,"flow_last_seen":1649336955151,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3288,"flow_avg_l4_payload_len":219,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336870173,"flow_last_seen":1649336870432,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3490,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336879948,"flow_last_seen":1649336882923,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":4284,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"202.226.25.166","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":7,"flow_first_seen":1649336960225,"flow_last_seen":1649336960225,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":498,"flow_tot_l4_payload_len":4167,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55094,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1649336897978,"flow_last_seen":1649337802273,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":4212,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"199.190.44.135","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1649336965165,"flow_last_seen":1649336968493,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":3510,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649336960165,"flow_last_seen":1649336960225,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3290,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1649336894950,"flow_last_seen":1649336897978,"flow_idle_time":200000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":3525,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"103.104.168.244","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649336954948,"flow_last_seen":1649336955151,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3288,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649336870173,"flow_last_seen":1649336870432,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3490,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649336879948,"flow_last_seen":1649336882923,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":4284,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"202.226.25.166","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}}
00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","packets-captured":403,"packets-processed":403,"total-skipped-flows":0,"total-l4-payload-len":95439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":26,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_msec":1649337802273}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 403/403
@@ -170,8 +170,8 @@
~~ total active/idle flows...: 26/26
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6041264 bytes
~~ total memory freed........: 6041264 bytes
~~ total memory allocated....: 6041472 bytes
~~ total memory freed........: 6041472 bytes
~~ total allocations/frees...: 121379/121379
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 468 chars


@@ -1,16 +1,16 @@
00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ah.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ah.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1587338929051}
00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587338929051,"flow_last_seen":1587338929051,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587338929051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587338929051,"flow_last_seen":1587338929051,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587338929051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00912{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1587338929051,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_msec":1587338929051,"pkt":"qrvMAAMQqrvMAAIQCABFwAGCAJ4AAP8RngIKAgMCCgMEBAH0AfQBbieYHBhp9tKboMwAAAAAAAAAACEgIggAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAAop90y3jHmNMWVGIbNRerOVFzMP5JoRLlIVT+uGcaHcUDAfZ9agub4v3ifShq9iAjKtd\/XZoIX76e0SSPXecxSXzgS1HJOpsJtzfXg96dFLBFkvBpXPHiUb1T29i2BXzdKwAAJGy943MOgVw+17TTE3RGnNSeH1Br3ZzttJxYzZbae2KMKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABCNvuAsA4SMheroNDIs0se1c2REJAAAAHAAAQAUSA9ZB8IS5r14gXhydhU2hTnWD2w=="}
00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587338929051,"flow_last_seen":1587338929051,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587338929051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}}
00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587338929051,"flow_last_seen":1587338929051,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587338929051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}}
00912{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1587338929058,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_msec":1587338929058,"pkt":"qrvMAAIQqrvMAAMQCABFwAGCAJUAAP4RnwsKAwQECgIDAgH0AfQBbpMTHBhp9tKboMxXKornVXrZ7CEgIiAAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAA3\/NdSHtjsuV9lwu7r3PG72M7PTs97w7W7XWrjiKy83GusQxHzpqo7SyUw6CdLyZlI6GlvRXFFZQ37DazOAEOXk0lG8t6jBRQFWWSD0tGhA1+E9jC73KPJu4MHQQrp0dlKwAAJMsSzp7FMBmLLwjNerQt3fDJwl4MLQ75rKamBuCoU9JFKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABLSbKQHg76sTvA2s+iqtHO17zN+1AAAAHAAAQAXEF0AGtBGCSamsYpymSQTNLPEeng=="}
00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1587338929067,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1587338929067,"pkt":"qrvMAAMQqrvMAAIQCABFwAFkAJ8AAP8Rnh8KAgMCCgMEBAH0AfQBUGzjHBhp9tKboMxXKornVXrZ7C4gIwgAAAABAAABSCsAASyBDTrs2Pxvpq7JTnlskHs3y\/lcA4L2kN8fdzJ8fVpYrZTlpuZPtrueSIpYdb+qQTDV2NvMTrxEqmRiytNcmsMUgiqFEXykJmS3P10k8AYBydJ7jb5c3eyLXb1Xq+36+2tgOS1TpUTMh9FvAJkjDZuy9dxuXzbWMy9Bia4cikOr17km8gYu1TAmwh\/g9n514pWnNcM6640AaIdVe6A4QpHHMQEvu1nLtY9OQj13tjKJXcfVHJL\/tVSVAMUi+K5X3aJOMKyYeZBbVZrNRi8RFtvjXQRLRPFCTuUeShJfFRDznRua5syxQXi+6dd5t3q5F806SIRRAk975bBTw\/\/FxVkvix8dHReWdnoNuDuSDSHK8wVobcjOktkOzVZUVL8vxTTf4rHWn7VO+g=="}
00535{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587338931051,"flow_last_seen":1587338931051,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"flow_datalink":1,"flow_max_packets":3}
00540{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587338931051,"flow_last_seen":1587338931051,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"flow_datalink":1,"flow_max_packets":3}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1587338931051,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1587338931051,"pkt":"qrvMAAMQqrvMAAIQCABFAAB8ABMAAP8zoDEKAgMCCgMEBAEEAABgSBb2AAAAAecyq6zhxgBG7sZB7QgAZwQABQABAAAAAAAUFyyrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavN"}
00585{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587338931051,"flow_last_seen":1587338931051,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}}
00590{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587338931051,"flow_last_seen":1587338931051,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1587338931051,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1587338931051,"pkt":"qrvMAAIQqrvMAAMQCABFAAB8ABMAAP4zoTEKAwQECgIDAgEEAACvhoPvAAAAAQLuLdf7aFTxy+gQnAAAbwQABQABAAAAAAAUFyyrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavN"}
00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1587338929051,"flow_last_seen":1587338929075,"flow_idle_time":200000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":1324,"flow_avg_l4_payload_len":331,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}}
00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587338931051,"flow_last_seen":1587338931051,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}}
00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587338929051,"flow_last_seen":1587338929075,"flow_idle_time":200000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":1324,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}}
00629{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587338931051,"flow_last_seen":1587338931051,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":208,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}}
00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1532,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1587338931051}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 6/6
@@ -20,8 +20,8 @@
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6004311 bytes
~~ total memory freed........: 6004311 bytes
~~ total memory allocated....: 6004327 bytes
~~ total memory freed........: 6004327 bytes
~~ total allocations/frees...: 120886/120886
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 460 chars


@@ -1,29 +1,29 @@
00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"aimini-http.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"aimini-http.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614860228394}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229383,"flow_last_seen":1614860229383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229383,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614860229383,"flow_last_seen":1614860229383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229383,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614860229383,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229383,"pkt":"5kBKB+riApXG95NLCABFAAAwBPkAAIAGAAAKZQACCmYAAm9VAFCbu4XRAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614860229383,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229383,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBPkAAH8GIgEKZQACCmYAAm9VAFCbu4XRAAAAAHACgAFeHQAAAgQFtAMDAQA="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614860229384,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229384,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQQAAIAGAAAKZgACCmUAAgBQb1Wbu5n7m7uF0nASgAEU8QAAAgQFtAMDAQA="}
00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229383,"flow_last_seen":1614860229384,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":595,"flow_tot_l4_payload_len":595,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1614860229384,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"},"http": {"hostname":"www.aimini.net","url":"www.aimini.net\/member\/signup\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229385,"flow_last_seen":1614860229385,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229385,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1614860229383,"flow_last_seen":1614860229384,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":595,"flow_tot_l4_payload_len":595,"midstream":0,"thread_ts_msec":1614860229384,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"},"http": {"hostname":"www.aimini.net","url":"www.aimini.net\/member\/signup\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614860229385,"flow_last_seen":1614860229385,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229385,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614860229385,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229385,"pkt":"5kBKB+riApXG95NLCABFAAAwBP8AAIAGAAAKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614860229386,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229386,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBP8AAH8GIfsKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEoiAAAAgQFtAMDAQA="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614860229386,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229386,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQ0AAIAGAAAKZgACCmUAAgBQb1abu8Cxm7u7ZnASgAEU8QAAAgQFtAMDAQA="}
00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229385,"flow_last_seen":1614860229386,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":524,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1614860229386,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_SignUp_&_lh_=http:\/\/www.aimini.net\/member\/signup\/&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229388,"flow_last_seen":1614860229388,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229388,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1614860229385,"flow_last_seen":1614860229386,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":524,"flow_tot_l4_payload_len":524,"midstream":0,"thread_ts_msec":1614860229386,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_SignUp_&_lh_=http:\/\/www.aimini.net\/member\/signup\/&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614860229388,"flow_last_seen":1614860229388,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229388,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614860229388,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229388,"pkt":"5kBKB+riApXG95NLCABFAAAwBREAAIAGAAAKZQACCmYAAm9XAFCbu+drAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614860229389,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBREAAH8GIekKZQACCmYAAm9XAFCbu+drAAAAAHACgAH8gAAAAgQFtAMDAQA="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614860229389,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"WgXZu6TVApXG95WRCABFAAAwBRkAAIAGAAAKZgACCmUAAgBQb1ebu+vKm7vnbHASgAEU8QAAAgQFtAMDAQA="}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229388,"flow_last_seen":1614860229389,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"},"http": {"hostname":"www.aimini.net","url":"www.aimini.net\/search\/?q=pictures&sca=","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229389,"flow_last_seen":1614860229389,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1614860229388,"flow_last_seen":1614860229389,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"midstream":0,"thread_ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"},"http": {"hostname":"www.aimini.net","url":"www.aimini.net\/search\/?q=pictures&sca=","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614860229389,"flow_last_seen":1614860229389,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1614860229389,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"5kBKB+riApXG95NLCABFAAAwBRcAAIAGAAAKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1614860229390,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229390,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBRcAAH8GIeMKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAHrgAAAAgQFtAMDAQA="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1614860229390,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229390,"pkt":"WgXZu6TVApXG95WRCABFAAAwBSIAAIAGAAAKZgACCmUAAgBQb1ibu\/tYm7v4a3ASgAEU8QAAAgQFtAMDAQA="}
00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":542,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_Search_&_lh_=http:\/\/www.aimini.net\/search\/?q=pictures&sca=&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1614860229383,"flow_last_seen":1614860229388,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60714,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"}}
00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1614860229385,"flow_last_seen":1614860229388,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":3194,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"}}
00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1614860229388,"flow_last_seen":1614860229390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13568,"flow_avg_l4_payload_len":452,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"}}
00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"}}
00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":542,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_Search_&_lh_=http:\/\/www.aimini.net\/search\/?q=pictures&sca=&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":38,"flow_dst_packets_processed":34,"flow_first_seen":1614860229383,"flow_last_seen":1614860229388,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60714,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"}}
00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1614860229385,"flow_last_seen":1614860229388,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":3194,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"}}
00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":18,"flow_first_seen":1614860229388,"flow_last_seen":1614860229390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13568,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"}}
00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":1654,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"}}
00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","packets-captured":139,"packets-processed":133,"total-skipped-flows":0,"total-l4-payload-len":79130,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1614860229390}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 139/133
@@ -33,10 +33,10 @@
~~ total active/idle flows...: 4/4
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6010950 bytes
~~ total memory freed........: 6010950 bytes
~~ total memory allocated....: 6010982 bytes
~~ total memory freed........: 6010982 bytes
~~ total allocations/frees...: 121037/121037
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 467 chars
~~ json string max len.......: 970 chars
~~ json string avg len.......: 717 chars
~~ json string max len.......: 976 chars
~~ json string avg len.......: 720 chars


@@ -1,12 +1,12 @@
00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ajp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1505154584447}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1505154584447,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1505154584447,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"}
00197{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584447}
00392{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584447,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1505154584447,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9JcsXbMJOgLrmAEABzfNQAAAEBCApOnGnoHlfv2A=="}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00197{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584447}
00392{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584447,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="}
00197{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584447}
@@ -17,13 +17,13 @@
01488{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":912,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"thread_ts_msec":1505154584448,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\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\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"}
00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584448}
00381{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584448,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9KcsXbLwAAAACgAjkI5gwAAAIEBbQEAggKTpxp5wAAAAABAwMH"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584618,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSpfIk6AuuHLF2zCgEjiQFesAAAIEBbQEAggKHlfv2E6caecBAwMH"}
00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584618}
00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9KcsXbMJOgLrmAEABzfNMAAAEBCApOnGnoHlfv2A=="}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584618}
00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="}
00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584618}
@@ -34,8 +34,8 @@
01488{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":912,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\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\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"}
00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584618}
00381{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584447,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1505154584447,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_msec":1505154584618}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 38/26
@@ -45,8 +45,8 @@
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6004891 bytes
~~ total memory freed........: 6004891 bytes
~~ total memory allocated....: 6004907 bytes
~~ total memory freed........: 6004907 bytes
~~ total allocations/frees...: 120906/120906
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 202 chars



@@ -1,9 +1,9 @@
00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"among_us.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946681200000}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":200000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":200000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"midstream":0,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"thread_ts_msec":946681200000,"pkt":"eJS0JASgYDjgxTWgCABFAAArJhEAAH8RqpAKAAABrGn7qvsEVgcAF2toCAABAIDZAgMGQUFBQUFB"}
00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":200000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AmongUs","breed":"Fun","category":"Game"}}
00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":200000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AmongUs","breed":"Fun","category":"Game"}}
00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":200000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"midstream":0,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AmongUs","breed":"Fun","category":"Game"}}
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":200000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"midstream":0,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AmongUs","breed":"Fun","category":"Game"}}
00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":15,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":946681200000}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1
@@ -13,10 +13,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003106 bytes
~~ total memory freed........: 6003106 bytes
~~ total memory allocated....: 6003114 bytes
~~ total memory freed........: 6003114 bytes
~~ total allocations/frees...: 120877/120877
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 455 chars
~~ json string max len.......: 672 chars
~~ json string avg len.......: 550 chars
~~ json string max len.......: 678 chars
~~ json string avg len.......: 553 chars


@@ -1,23 +1,23 @@
00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"amqp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1490904166118}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7580000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7580000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"midstream":1,"thread_ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1490904166118,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1490904166118,"pkt":"AAAAAAAAAAAAAAAACABFAABdxi1AAEAGdWt\/AAABfwABAaytFihPdGXjNxAmEoAYAV7\/UQAAAQEICgC+1cIAvtPNAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7580000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7580000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"midstream":1,"thread_ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1490904166118,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490904166118,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puJAAEAGlN9\/AAEBfwAAARYorK03ECYST3RmDIAQSfD\/KAAAAQEICgC+1cIAvtXC"}
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1490904166119,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_msec":1490904166119,"pkt":"AAAAAAAAAAAAAAAACABFAACUxi5AAEAGdTN\/AAABfwABAaytFihPdGYMNxAmEoAYAV7\/iAAAAQEICgC+1cIAvtXCAgABAAAAWAA8AAAAAAAAAAABJ\/gAEGFwcGxpY2F0aW9uL2pzb24FdXRmLTgAAAAtCGhvc3RuYW1lUwAAAB9jZWxlcnlAdGVzdC5jb2duaXRvbmV0d29ya3MuY29tAgDO"}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166119,"flow_last_seen":1490904166119,"flow_idle_time":7580000,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":448,"midstream":1,"thread_ts_msec":1490904166119,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490904166119,"flow_last_seen":1490904166119,"flow_idle_time":7580000,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":448,"midstream":1,"thread_ts_msec":1490904166119,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1490904166119,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"thread_ts_msec":1490904166119,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQRAAEAGOP5\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"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1490904166119,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490904166119,"pkt":"AAAAAAAAAAAAAAAACABFAAA0HMNAAEAGHv9\/AAABfwABAaysFiigc2eMnpKjH4AQDjX\/KAAAAQEICgC+1cIAvtXC"}
01066{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1490904168121,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"thread_ts_msec":1490904168121,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQVAAEAGOP1\/AAEBfwAAARYorKyekqMfoHNnjIAYAXcA6QAAAQEICgC+17YAvtXCAQADAAAAKQA8ADwBMwAAAAAAAGF3AAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0zgIAAwAAAFgAPAAAAAAAAAAAASf4ABBhcHBsaWNhdGlvbi9qc29uBXV0Zi04AAAALQhob3N0bmFtZVMAAAAfY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbQIAzgMAAwAAASd7InN3X3N5cyI6ICJMaW51eCIsICJjbG9jayI6IDM5MTcyNywgInRpbWVzdGFtcCI6IDE0OTA5MDQxNjguMTIwNTc2LCAiaG9zdG5hbWUiOiAiY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbSIsICJwaWQiOiAxODk0LCAic3dfdmVyIjogIjMuMS4xOCIsICJ1dGNvZmZzZXQiOiAwLCAibG9hZGF2ZyI6IFswLjc4LCAwLjU2LCAwLjQyXSwgInByb2Nlc3NlZCI6IDExMzk0MiwgImFjdGl2ZSI6IDAsICJmcmVxIjogMi4wLCAidHlwZSI6ICJ3b3JrZXItaGVhcnRiZWF0IiwgInN3X2lkZW50IjogInB5LWNlbGVyeSJ9zg=="}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"midstream":1,"thread_ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1490904169152,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAABTPztAAEAG\/Gd\/AAABfwABAayuFiiKm04N2t+K4IAYAV7\/RwAAAQEICgC+2LgAvtO2AQABAAAAFwA8ACgAAAdkZWZhdWx0B3Rhc2tzLiMAzg=="}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"midstream":1,"thread_ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1490904169152,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAAA01sFAAEAGZQB\/AAEBfwAAARYorK7a34rgiptOLIAQDAj\/KAAAAQEICgC+2LgAvti4"}
00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1490904169152,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAADAPzxAAEAG+\/l\/AAABfwABAayuFiiKm04s2t+K4IAYAV7\/tAAAAQEICgC+2LgAvti4AgABAAAAhAA8AAAAAAAAAAAA7v4AHmFwcGxpY2F0aW9uL3gtcHl0aG9uLXNlcmlhbGl6ZQZiaW5hcnkAAAAAAgAkZjMzYWFlMjctNjlmNC00ZjQ4LWIwYmMtMmVmZGM0NTVjMTI4JGFiZjI3YmI1LTAxNDktM2RiZC1hMmRiLWQzNTcyYzMwOTc5MM4="}
00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490904166119,"flow_last_seen":1490904169156,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":1342,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1490904169156,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1490904166119,"flow_last_seen":1490904170242,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":3574,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":108,"flow_first_seen":1490904166118,"flow_last_seen":1490904170243,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":7295,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490904169152,"flow_last_seen":1490904170195,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":2085,"flow_avg_l4_payload_len":69,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490904166119,"flow_last_seen":1490904169156,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":1342,"midstream":1,"thread_ts_msec":1490904169156,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1490904166119,"flow_last_seen":1490904170242,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":3574,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":54,"flow_dst_packets_processed":54,"flow_first_seen":1490904166118,"flow_last_seen":1490904170243,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":7295,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1490904169152,"flow_last_seen":1490904170195,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":2085,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","packets-captured":160,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":12954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1490904170243}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 160/160
@@ -27,8 +27,8 @@
~~ total active/idle flows...: 3/3
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6015981 bytes
~~ total memory freed........: 6015981 bytes
~~ total memory allocated....: 6016005 bytes
~~ total memory freed........: 6016005 bytes
~~ total allocations/frees...: 121047/121047
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 460 chars


@@ -1,286 +1,286 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"android.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1582454769772}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454769772,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454769772,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1582454769772,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454769772,"pkt":"xGGLNYKpxiwDYGpkCABFAABMMy4AADUGGCtfZRg1wKgCEQG7xfVNnd4qbhnKg4AYAUXNDgAAAQEICmx+XigR4ZkoFwMDABMwxZA0Xbk6ucnG2OFNZYAG8R1y"}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454769772,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454779631,"flow_last_seen":1582454779631,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454779631,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454769772,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454779631,"flow_last_seen":1582454779631,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454779631,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1582454779631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1582454779631,"pkt":"xGGLNYKpxiwDYGpkCABFAgBirQcAAC4GWpAR+LBLwKgCEQG7xZj0WotEsqX09IAYBCokkgAAAQEIClsVyooR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8Hg=="}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454779631,"flow_last_seen":1582454779631,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454779631,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454779631,"flow_last_seen":1582454779631,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454779631,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1582454779631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454779631,"pkt":"xGGLNYKpxiwDYGpkCABFAgBTrQgAAC4GWp4R+LBLwKgCEQG7xZj0WotysqX09IAZBCpyhAAAAQEIClsVyooR3+x3FQMDABoAAAAAAAAABZSZBhugqn7IvMs7ScmDJ6yQxA=="}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1582454779931,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1582454779931,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQkAAC4GWnER+LBLwKgCEQG7xZj0WotEsqX09IAZBCq7DgAAAQEIClsVy7YR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454780612,"flow_last_seen":1582454780612,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454780612,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454780612,"flow_last_seen":1582454780612,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454780612,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1582454780612,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1582454780612,"pkt":"xGGLNYKpxiwDYGpkCABFAgBiArsAAC4GBN0R+LBLwKgCEQG7xZQAd+\/fhij6wYAYBTCNMgAAAQEIClsVzl8R3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8Q=="}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454780612,"flow_last_seen":1582454780612,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454780612,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454780612,"flow_last_seen":1582454780612,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454780612,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1582454780612,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454780612,"pkt":"xGGLNYKpxiwDYGpkCABFAgBTArwAAC4GBOsR+LBLwKgCEQG7xZQAd\/ANhij6wYAZBTCw2QAAAQEIClsVzl8R3+\/bFQMDABoAAAAAAAAACeuqoxCRLc0dnl7lMGJ\/SkF\/RQ=="}
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1582454780907,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1582454780907,"pkt":"xGGLNYKpxiwDYGpkCABFAACBAr0AAC4GBL4R+LBLwKgCEQG7xZQAd+\/fhij6wYAZBTC0SwAAAQEIClsVz4YR3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8RUDAwAaAAAAAAAAAAnrqqMQkS3NHZ5e5TBif0pBf0U="}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454784313,"flow_last_seen":1582454784313,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454784313,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454784313,"flow_last_seen":1582454784313,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454784313,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1582454784313,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454784313,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDQAAP8RQnEAAAAA\/\/\/\/\/wBEAEMBNI1GAQEGAHhURwsAAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00732{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454784313,"flow_last_seen":1582454784313,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454784313,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}
00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454784313,"flow_last_seen":1582454784313,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454784313,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1582454786281,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454786281,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDUAAP8RQnAAAAAA\/\/\/\/\/wBEAEMBNI1EAQEGAHhURwsAAgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454787658,"flow_last_seen":1582454787658,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1582454787658,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454787658,"flow_last_seen":1582454787658,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"midstream":1,"thread_ts_msec":1582454787658,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1582454787658,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454787658,"pkt":"xGGLNYKpxiwDYGpkCABFAgBThkMAADAGdqQR+LkKwKgCEQG7xg7EYLJptSIfH4AYBDV85QAAAQEIChoMpyQR4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="}
00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454787658,"flow_last_seen":1582454787658,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1582454787658,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454787658,"flow_last_seen":1582454787658,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"midstream":1,"thread_ts_msec":1582454787658,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1582454787658,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454787658,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0hkQAADAGdsQR+LkKwKgCEQG7xg7EYLKItSIfH4ARBDUyJQAAAQEIChoMpyQR4cyf"}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1582454788086,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454788086,"pkt":"xGGLNYKpxiwDYGpkCABFAABThkUAADAGdqQR+LkKwKgCEQG7xg7EYLJptSIfH4AZBDV7OQAAAQEIChoMqM8R4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="}
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1582454789207,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454789207,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDYAAP8RQm8AAAAA\/\/\/\/\/wBEAEMBNI1BAQEGAHhURwsABQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454792980,"flow_last_seen":1582454792980,"flow_idle_time":200000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454792980,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454792980,"flow_last_seen":1582454792980,"flow_idle_time":200000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454792980,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01124{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1582454792980,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"thread_ts_msec":1582454792980,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIangkAAEARVHnAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454792980,"flow_last_seen":1582454792980,"flow_idle_time":200000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454792980,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454796360,"flow_last_seen":1582454796360,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454796360,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454792980,"flow_last_seen":1582454792980,"flow_idle_time":200000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454792980,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454796360,"flow_last_seen":1582454796360,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454796360,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1582454796360,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1582454796360,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIV+oAAEARnGrAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454796360,"flow_last_seen":1582454796360,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454796360,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454796360,"flow_last_seen":1582454796360,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454796360,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1582454823029,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"thread_ts_msec":1582454823029,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIavtMAAEARM6\/AqAIBwKgC\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"}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1582454823653,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1582454823653,"pkt":"AQBeAAD72DBiVgAcCABFAABJmVsAAP8RtXWp\/uHY4AAA+xTpFOkANUGgAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1582454823653,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1582454823653,"pkt":"AQBeAAD7xiwDYGpkCABFAABJ7RwAAAERKOPAqAIB4AAA+xTpFOkANQrOAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454825628,"flow_last_seen":1582454825628,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454825628,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454825628,"flow_last_seen":1582454825628,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454825628,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1582454825628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1582454825628,"pkt":"AQBef\/\/62DBiVgAcCABFAACa4oMAAP8RXP2p\/uHY7\/\/\/+ux6B2wAhmGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454825628,"flow_last_seen":1582454825628,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454825628,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454825629,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454825628,"flow_last_seen":1582454825628,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454825628,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454825629,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1582454825629,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1582454825629,"pkt":"AQBef\/\/6xiwDYGpkCABFAACaWhcAAAERrJjAqAIB7\/\/\/+sjTB2wAhk51TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454825629,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454825629,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1582454826369,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1582454826369,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABItCAAAEARQDTAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
01124{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1582454853081,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"thread_ts_msec":1582454853081,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaAQwAAEAR8XbAqAIBwKgC\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"}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1582454856384,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1582454856384,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIA+oAAEAR8GrAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
00544{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1582454865794,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":0,"thread_ts_msec":1582454865794,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1582454865794,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":78,"pkt_l4_len":24,"thread_ts_msec":1582454865794,"pkt":"MzP\/n\/YnTGr2n\/Ynht1gAAAAABg6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/n\/YnhwBLLgAAAAD+gAAAAAAAAE5q9v\/+n\/Yn"}
00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1582454865794,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00535{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454865802,"flow_last_seen":1582454865802,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454865802,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":0,"thread_ts_msec":1582454865794,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454865802,"flow_last_seen":1582454865802,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454865802,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1582454865802,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1582454865802,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAQAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHjDAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"}
00596{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454865802,"flow_last_seen":1582454865802,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454865802,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454865802,"flow_last_seen":1582454865802,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454865802,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1582454866026,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1582454866026,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAQAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHjDAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866407,"flow_last_seen":1582454866407,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454866407,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454866407,"flow_last_seen":1582454866407,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454866407,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1582454866407,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454866407,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFILXYAAP8RB83AqAIBwKgCEABDAEQBNN9OAgEGAO9+0loAAAAAAAAAAMCoAhDAqAIBAAAAAExq9p\/2JwAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQECNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00695{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866407,"flow_last_seen":1582454866407,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454866407,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866448,"flow_last_seen":1582454866448,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454866448,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00700{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454866407,"flow_last_seen":1582454866407,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454866407,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454866448,"flow_last_seen":1582454866448,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454866448,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1582454866448,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_msec":1582454866448,"pkt":"MzMAAQACTGr2n\/Ynht1gBNipADwRAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAQACAiICIwA8Uc8B2OT+AAEADgABAAEl5RSOTGr2n\/YnAAMADA4ACMoAAAAAAAAAAAAIAAIAAAAGAAQAFwAY"}
00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866448,"flow_last_seen":1582454866448,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454866448,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454866448,"flow_last_seen":1582454866448,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454866448,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1582454866538,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454866538,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFILXcAAP8RB8zAqAIBwKgCEABDAEQBNNxOAgEGAO9+0loAAAAAAAAAAMCoAhDAqAIBAAAAAExq9p\/2JwAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1582454866803,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1582454866803,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAEAQAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"}
00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1582454866803,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":1582454866803,"pkt":"MzMAAAACTGr2n\/Ynht1gAAAAABA6\/\/6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAChQAIygAAAAABAUxq9p\/2Jw=="}
00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1582454866894,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1582454866894,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAEAQAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867034,"flow_last_seen":1582454867034,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1582454867034,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454867034,"flow_last_seen":1582454867034,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"midstream":0,"thread_ts_msec":1582454867034,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1582454867034,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1582454867034,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA\/qSJAAEARDCrAqAIQwKgCAc7ZADUAKwPW+6YBAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAE="}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867034,"flow_last_seen":1582454867034,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1582454867034,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454867034,"flow_last_seen":1582454867034,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"midstream":0,"thread_ts_msec":1582454867034,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1582454867075,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1582454867075,"pkt":"TGr2n\/YnxiwDYGpkCABFAADPTgIAAEARprrAqAIBwKgCEAA1ztkAu4V++6aBgAABAAUAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAHADAAFAAEAABCKACoMY2FwdGl2ZS1jaWRyDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADALwAFAAEAAACCAA4LY2FwdGl2ZS1jZG7APMBlAAUAAQAAAVQAFAdjYXB0aXZlAWcHYWFwbGltZ8AawH8AAQABAAAAEwAEEf01ycB\/AAEAAQAAABMABBH9NdA="}
00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454867075,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.53.201"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867151,"flow_last_seen":1582454867151,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454867151,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"midstream":0,"thread_ts_msec":1582454867075,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.53.201"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454867151,"flow_last_seen":1582454867151,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454867151,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1582454867151,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867151,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SJ9AAEAG557AqAIQEf01yePiAFBF7HpxAAAAAKAC\/\/9mAgAAAgQFtAQCCAr\/\/zLuAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1582454867184,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867184,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8AAAAADQGfD4R\/TXJwKgCEABQ4+KuJAPnRex6cqAScNDonAAAAgQFrAQCCAp2SOQ3\/\/8y7gEDAwg="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1582454867186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454867186,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SKBAAEAG56XAqAIQEf01yePiAFBF7HpyriQD6IAQAVeG0QAAAQEICv\/\/Mvh2SOQ3"}
00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867151,"flow_last_seen":1582454867196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454867196,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867244,"flow_last_seen":1582454867244,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454867244,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454867151,"flow_last_seen":1582454867196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"midstream":0,"thread_ts_msec":1582454867196,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454867244,"flow_last_seen":1582454867244,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454867244,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1582454867244,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1582454867244,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA+qTJAAEARDBvAqAIQwKgCAYvxADUAKg90oPQBAAABAAAAAAAABHRpbWUHYW5kcm9pZANjb20AAAEAAQ=="}
00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867244,"flow_last_seen":1582454867244,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454867244,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454867244,"flow_last_seen":1582454867244,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454867244,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1582454867284,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1582454867284,"pkt":"TGr2n\/YnxiwDYGpkCABFAAB+z3oAAEARJZPAqAIBwKgCEAA1i\/EAapnsoPSBgAABAAQAAAAABHRpbWUHYW5kcm9pZANjb20AAAEAAcAMAAEAAQAAARgABNjvIwjADAABAAEAAAEYAATY7yMAwAwAAQABAAABGAAE2O8jBMAMAAEAAQAAARgABNjvIww="}
00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454867284,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.35.8"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867323,"flow_last_seen":1582454867323,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454867323,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"midstream":0,"thread_ts_msec":1582454867284,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.35.8"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454867323,"flow_last_seen":1582454867323,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454867323,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1582454867323,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454867323,"pkt":"xiwDYGpkTGr2n\/YnCABFAABMoTdAAEAR2rnAqAIQ2O8jCLMnAHsAOGfAGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOH81o7jEm7M"}
00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867323,"flow_last_seen":1582454867323,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454867323,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
00680{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454867323,"flow_last_seen":1582454867323,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454867323,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1582454867358,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454867358,"pkt":"TGr2n\/YnxiwDYGpkCABFAABMa8oAAGcRKSfY7yMIwKgCEAB7sycAOKcPHAEA7AAAAAAAAAAMR09PR+H81tNW8KhI4fzWjuMSbszh\/NbTVvCoSeH81tNW8KhL"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867637,"flow_last_seen":1582454867637,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867637,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454867637,"flow_last_seen":1582454867637,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867637,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1582454867637,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454867637,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqXVAAEARC9XAqAIQwKgCAYbsADUALQrUr3oBAAABAAAAAAAACGNsaWVudHMxBmdvb2dsZQNjb20AAAEAAQ=="}
00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867637,"flow_last_seen":1582454867637,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867637,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454867637,"flow_last_seen":1582454867637,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867637,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1582454867639,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454867639,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRpSEAAEARUBnAqAIBwKgCEAA1huwAPTVyr3qBgAABAAEAAAAACGNsaWVudHMxBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454867639,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867688,"flow_last_seen":1582454867688,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454867688,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454867639,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454867688,"flow_last_seen":1582454867688,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454867688,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1582454867688,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867688,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8oxlAAEAG1YLAqAIQ2O8meIDOAbtPCpBsAAAAAKAC\/\/\/waQAAAgQFtAQCCAr\/\/zN1AAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1582454867702,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867702,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA840EAAHYGn1rY7yZ4wKgCEAG7gM7sufL\/TwqQbaAS6yANxQAAAgQFZAQCCAoG5BEl\/\/8zdQEDAwg="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1582454867703,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454867703,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oxpAAEAG1YnAqAIQ2O8meIDOAbtPCpBt7LnzAIAQAVcmCAAAAQEICv\/\/M3kG5BEl"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867723,"flow_last_seen":1582454867723,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867723,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454867723,"flow_last_seen":1582454867723,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867723,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1582454867723,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454867723,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqYtAAEARC7\/AqAIQwKgCAdY1ADUALYAStecBAAABAAAAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867723,"flow_last_seen":1582454867723,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867723,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867688,"flow_last_seen":1582454867759,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1582454867759,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454867723,"flow_last_seen":1582454867723,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867723,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454867688,"flow_last_seen":1582454867759,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"midstream":0,"thread_ts_msec":1582454867759,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1582454867761,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454867761,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRO4cAAEARubPAqAIBwKgCEAA11jUAPbDuteeBgAABAAEAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARgABKzZFEo="}
00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454867761,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454867688,"flow_last_seen":1582454867788,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1582454867788,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
02356{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454867688,"flow_last_seen":1582454867789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3887,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1582454867789,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"c6
0d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868348,"flow_last_seen":1582454868348,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868348,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454867761,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454867688,"flow_last_seen":1582454867788,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1584,"midstream":0,"thread_ts_msec":1582454867788,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
02361{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454867688,"flow_last_seen":1582454867789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3887,"midstream":0,"thread_ts_msec":1582454867789,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3
":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868348,"flow_last_seen":1582454868348,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868348,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1582454868348,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868348,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8A3VAAEAGs2vAqAIQrNkUSs0GAbvbqzdvAAAAAKAC\/\/+uLAAAAgQFtAQCCAr\/\/zQaAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1582454868386,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868386,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8PjQAAHUGg6ys2RRKwKgCEAG7zQbWjo3E26s3cKAS6yAJ1AAAAgQFZAQCCAq9hJee\/\/80GgEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1582454868386,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868386,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0A3ZAAEAGs3LAqAIQrNkUSs0GAbvbqzdw1o6NxYAQAVciEQAAAQEICv\/\/NCS9hJee"}
00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868348,"flow_last_seen":1582454868424,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1582454868424,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868462,"flow_last_seen":1582454868462,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1582454868462,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454868348,"flow_last_seen":1582454868424,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"midstream":0,"thread_ts_msec":1582454868424,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868462,"flow_last_seen":1582454868462,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"midstream":0,"thread_ts_msec":1582454868462,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1582454868462,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1582454868462,"pkt":"xiwDYGpkTGr2n\/YnCABFAABLqjFAAEARCw\/AqAIQwKgCAbfpADUAN\/8RnJ4BAAABAAAAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAE="}
00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868462,"flow_last_seen":1582454868462,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1582454868462,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01590{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3177,"flow_avg_l4_payload_len":397,"midstream":0,"thread_ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com","alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9"}}
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868462,"flow_last_seen":1582454868462,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"midstream":0,"thread_ts_msec":1582454868462,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"midstream":0,"thread_ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01595{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3177,"midstream":0,"thread_ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com","alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9"}}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1582454868503,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1582454868503,"pkt":"TGr2n\/YnxiwDYGpkCABFAABbmZAAAEARW6DAqAIBwKgCEAA1t+kAR93wnJ6BgAABAAEAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAHADAABAAEAAACxAASs2RID"}
00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1582454868503,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.18.3"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868511,"flow_last_seen":1582454868511,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868511,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00810{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"midstream":0,"thread_ts_msec":1582454868503,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.18.3"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868511,"flow_last_seen":1582454868511,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868511,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1582454868511,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868511,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8PG9AAEAGfLjAqAIQrNkSA5AYAbuCdQgsAAAAAKAC\/\/91sgAAAgQFtAQCCAr\/\/zRDAAAAAAEDAwg="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868527,"flow_last_seen":1582454868527,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868527,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868527,"flow_last_seen":1582454868527,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868527,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1582454868527,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868527,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8stVAAEAGBlLAqAIQrNkSA5AaAbtdpoaTAAAAAKAC\/\/8cFQAAAgQFtAQCCAr\/\/zRGAAAAAAEDAwg="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1582454868559,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868559,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8mn0AAHYGKKqs2RIDwKgCEAG7kBpu4mZiXaaGlKAS6yC\/LgAAAgQFZAQCCApPRk15\/\/80RgEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1582454868563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868563,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0stZAAEAGBlnAqAIQrNkSA5AaAbtdpoaUbuJmY4AQAVfXbAAAAQEICv\/\/NE9PRk15"}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868527,"flow_last_seen":1582454868563,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454868563,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454868527,"flow_last_seen":1582454868563,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"midstream":0,"thread_ts_msec":1582454868563,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1582454868597,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454868597,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqkFAAEARCwnAqAIQwKgCAcjmADUALYwU2tsBAAABAAAAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAQ=="}
00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1582454868597,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454868597,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRZjUAAEARjwXAqAIBwKgCEAA1yOYAPQ9d2tuBgAABAAEAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAcAMAAEAAQAAAEEABKzZqM4="}
00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.168.206"}}
00923{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02253{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3903,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH
_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.168.206"}}
00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1613,"midstream":0,"thread_ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02258{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3903,"midstream":0,"thread_ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA
_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1582454868606,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_msec":1582454868606,"pkt":"MzMAAQACTGr2n\/Ynht1gBNipADwRAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAQACAiICIwA8Uc8B2OT+AAEADgABAAEl5RSOTGr2n\/YnAAMADA4ACMoAAAAAAAAAAAAIAAIAAAAGAAQAFwAY"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1582454868843,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868843,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8fo0AAHYGRJqs2RIDwKgCEAG7kBjGuYRJgnUILaAS6yAZNAAAAgQFZAQCCApRt9Th\/\/80QwEDAwg="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1582454868844,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868844,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0PHBAAEAGfL\/AqAIQrNkSA5AYAbuCdQgtxrmESoAQAVcxKAAAAQEICv\/\/NJZRt9Th"}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868511,"flow_last_seen":1582454868936,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454868936,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00874{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868511,"flow_last_seen":1582454869031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":872,"flow_tot_l4_payload_len":1067,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1582454869031,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869361,"flow_last_seen":1582454869361,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454869361,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454868511,"flow_last_seen":1582454868936,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"midstream":0,"thread_ts_msec":1582454868936,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00879{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454868511,"flow_last_seen":1582454869031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":872,"flow_tot_l4_payload_len":1067,"midstream":0,"thread_ts_msec":1582454869031,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454869361,"flow_last_seen":1582454869361,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454869361,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1582454869361,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1582454869361,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA+qnVAAEARCtjAqAIQwKgCAZhgADUAKv996DEBAAABAAAAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAQ=="}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869361,"flow_last_seen":1582454869361,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454869361,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454869361,"flow_last_seen":1582454869361,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454869361,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1582454869363,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1582454869363,"pkt":"TGr2n\/YnxiwDYGpkCABFAABORPIAAEARsEvAqAIBwKgCEAA1mGAAOr6H6DGBgAABAAEAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454869363,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869517,"flow_last_seen":1582454869517,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454869517,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"midstream":0,"thread_ts_msec":1582454869363,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454869517,"flow_last_seen":1582454869517,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454869517,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1582454869517,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869517,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ooxAAEAGf8\/AqAIQrNmozsTQAbv86pehAAAAAKAC\/\/+fWQAAAgQFtAQCCAr\/\/zUtAAAAAAEDAwg="}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1582454869556,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869556,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA80VwAAHUGW\/+s2ajOwKgCEAG7xNCPRbjJ\/OqXoqAS6yAGLQAAAgQFZAQCCApmsf+J\/\/81LQEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1582454869557,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454869557,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oo1AAEAGf9bAqAIQrNmozsTQAbv86peij0W4yoAQAVceWQAAAQEICv\/\/NUhmsf+J"}
00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454869517,"flow_last_seen":1582454869614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1582454869614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869626,"flow_last_seen":1582454869626,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454869626,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454869517,"flow_last_seen":1582454869614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"midstream":0,"thread_ts_msec":1582454869614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454869626,"flow_last_seen":1582454869626,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454869626,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1582454869626,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869626,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2ZAAEAG9TXAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9vQQAAAgQFtAQCCAr\/\/zVZAAAAAAEDAwg="}
00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":423,"midstream":0,"thread_ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01"}}
00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"midstream":0,"thread_ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3386,"midstream":0,"thread_ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01"}}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1582454870649,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454870649,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2dAAEAG9TTAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9uQgAAAgQFtAQCCAr\/\/zZYAAAAAAEDAwg="}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454870996,"flow_last_seen":1582454870996,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454870996,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454870996,"flow_last_seen":1582454870996,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454870996,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1582454870996,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1582454870996,"pkt":"xiwDYGpkTGr2n\/YnCABFAABIq6dAAEARCZzAqAIQwKgCAY8FADUANFCq5z4BAAABAAAAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAE="}
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454870996,"flow_last_seen":1582454870996,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454870996,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454870996,"flow_last_seen":1582454870996,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454870996,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1582454870998,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1582454870998,"pkt":"TGr2n\/YnxiwDYGpkCABFAABYgb0AAEARc3bAqAIBwKgCEAA1jwUARA+05z6BgAABAAEAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454870998,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871042,"flow_last_seen":1582454871042,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871042,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"midstream":0,"thread_ts_msec":1582454870998,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871042,"flow_last_seen":1582454871042,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871042,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1582454871042,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871042,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA83wxAAEAGmY\/AqAIQ2O8meIDaAbu5DOmwAAAAAKAC\/\/8p0AAAAgQFtAQCCAr\/\/za8AAAAAAEDAwg="}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871051,"flow_last_seen":1582454871051,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871051,"flow_last_seen":1582454871051,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1582454871051,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871051,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq69AAEARCZvAqAIQwKgCAX6cADUALTLn3DQBAAABAAAAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAQ=="}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871051,"flow_last_seen":1582454871051,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871051,"flow_last_seen":1582454871051,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1582454871056,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871056,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA84WAAAHcGoDvY7yZ4wKgCEAG7gNr8u4aauQzpsaAS6yCywwAAAgQFZAQCCAqJFH+\/\/\/82vAEDAwg="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1582454871057,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871057,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA03w1AAEAGmZbAqAIQ2O8meIDaAbu5DOmx\/LuGm4AQAVfLBwAAAQEICv\/\/Nr+JFH+\/"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1582454871058,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":1582454871058,"pkt":"MzMAAAACTGr2n\/Ynht1gAAAAABA6\/\/6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAChQAIygAAAAABAUxq9p\/2Jw=="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871061,"flow_last_seen":1582454871061,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871061,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871061,"flow_last_seen":1582454871061,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871061,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1582454871061,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1582454871061,"pkt":"xiwDYGpkTGr2n\/YnCABFAABGq7FAAEARCZTAqAIQwKgCAR3sADUAMs+l\/agBAAABAAAAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQAB"}
00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871061,"flow_last_seen":1582454871061,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871061,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871069,"flow_last_seen":1582454871069,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871069,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871061,"flow_last_seen":1582454871061,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871061,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871069,"flow_last_seen":1582454871069,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871069,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1582454871069,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871069,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8\/AdAAEAGfJTAqAIQ2O8meIDcAbs4lMrFAAAAAKAC\/\/\/JKwAAAgQFtAQCCAr\/\/zbCAAAAAAEDAwg="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871075,"flow_last_seen":1582454871075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871075,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871075,"flow_last_seen":1582454871075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871075,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1582454871075,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871075,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8xAhAAEAGtJPAqAIQ2O8meIDeAbsJrvLMAAAAAKAC\/\/\/QBgAAAgQFtAQCCAr\/\/zbEAAAAAAEDAwg="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1582454871083,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871083,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8bmcAAHYGFDXY7yZ4wKgCEAG7gNxV\/jlEOJTKxqAS6yDJiQAAAgQFZAQCCAom516W\/\/82wgEDAwg="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1582454871087,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871087,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0\/AhAAEAGfJvAqAIQ2O8meIDcAbs4lMrGVf45RYAQAVfhzAAAAQEICv\/\/NsYm516W"}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1582454871088,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871088,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8Nk0AAHcGS0\/Y7yZ4wKgCEAG7gN4gvysUCa7yzaAS6yD0TQAAAgQFZAQCCApclUhu\/\/82xAEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1582454871089,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871089,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0xAlAAEAGtJrAqAIQ2O8meIDeAbsJrvLNIL8rFYAQAVcMkgAAAQEICv\/\/NsdclUhu"}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1582454871090,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871090,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRSjQAAEARqwbAqAIBwKgCEAA1fpwAPWeH3DSBgAABAAEAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAQMABK3CT3I="}
00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871090,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871094,"flow_last_seen":1582454871094,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871094,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454871090,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871094,"flow_last_seen":1582454871094,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871094,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1582454871094,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871094,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8RuFAAEAGM+7AqAIQrcJPco\/iAFBu6HAoAAAAAKAC\/\/\/iBQAAAgQFtAQCCAr\/\/zbJAAAAAAEDAwg="}
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1582454871100,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1582454871100,"pkt":"TGr2n\/YnxiwDYGpkCABFAABWpmUAAEARTtDAqAIBwKgCEAA1HewAQssi\/aiBgAABAAEAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQABwAwAAQABAAABKwAErNkVyg=="}
00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454871100,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871103,"flow_last_seen":1582454871103,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"midstream":0,"thread_ts_msec":1582454871100,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871103,"flow_last_seen":1582454871103,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1582454871103,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871103,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ApdAAEAGssnAqAIQrNkVysrYAbsvYjRcAAAAAKAC\/\/9bhgAAAgQFtAQCCAr\/\/zbLAAAAAAEDAwg="}
01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871075,"flow_last_seen":1582454871103,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871042,"flow_last_seen":1582454871105,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871105,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871115,"flow_last_seen":1582454871115,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871115,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871075,"flow_last_seen":1582454871103,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871042,"flow_last_seen":1582454871105,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1582454871105,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871115,"flow_last_seen":1582454871115,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871115,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1582454871115,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871115,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8q7VAAEARCZrAqAIQwKgCAZ6EADUAKMiehDwBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871115,"flow_last_seen":1582454871115,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871115,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871115,"flow_last_seen":1582454871115,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871115,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1582454871117,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454871117,"pkt":"TGr2n\/YnxiwDYGpkCABFAABM2yQAAEARGhvAqAIBwKgCEAA1noQAOIeohDyBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"}
00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871117,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"midstream":0,"thread_ts_msec":1582454871117,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1582454871128,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871128,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA83d0AAGcGtfGtwk9ywKgCEABQj+ImKPRybuhwKaAS87giVwAAAgQFlgQCCArBhO\/i\/\/82yQEDAwg="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1582454871130,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871130,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0RuJAAEAGM\/XAqAIQrcJPco\/iAFBu6HApJij0c4AQAVdDYAAAAQEICv\/\/NtHBhO\/i"}
00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871094,"flow_last_seen":1582454871131,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1582454871131,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871075,"flow_last_seen":1582454871132,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871132,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871094,"flow_last_seen":1582454871131,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"midstream":0,"thread_ts_msec":1582454871131,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
01086{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871075,"flow_last_seen":1582454871132,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"midstream":0,"thread_ts_msec":1582454871132,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1582454871132,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871132,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8KYcAAHYGldms2RXKwKgCEAG7ytjkokMBL2I0XaAS6yDzNwAAAgQFZAQCCAptKuid\/\/82ywEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1582454871135,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871135,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0AphAAEAGstDAqAIQrNkVysrYAbsvYjRd5KJDAoAQAVcLdwAAAQEICv\/\/NtNtKuid"}
01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871042,"flow_last_seen":1582454871135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871135,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871103,"flow_last_seen":1582454871138,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871138,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871152,"flow_last_seen":1582454871152,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871152,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01086{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871042,"flow_last_seen":1582454871135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"midstream":0,"thread_ts_msec":1582454871135,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871103,"flow_last_seen":1582454871138,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1582454871138,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871152,"flow_last_seen":1582454871152,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871152,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1582454871152,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871152,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA82rlAAEAGneLAqAIQ2O8meIDkAbvMauxuAAAAAKAC\/\/8TjwAAAgQFtAQCCAr\/\/zbXAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1582454871166,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871166,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA82hIAAHUGqYnY7yZ4wKgCEAG7gOSVNE5IzGrsb6AS6yB0TQAAAgQFZAQCCArIBAje\/\/821wEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1582454871167,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871167,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA02rpAAEAGnenAqAIQ2O8meIDkAbvMauxvlTROSYAQAVeMkAAAAQEICv\/\/NtvIBAje"}
00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871103,"flow_last_seen":1582454871175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871175,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871152,"flow_last_seen":1582454871200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871200,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871069,"flow_last_seen":1582454871207,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871207,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01154{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"thread_ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","server_names":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com","alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0"}}
01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871069,"flow_last_seen":1582454871237,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871237,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871292,"flow_last_seen":1582454871292,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871292,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00965{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871103,"flow_last_seen":1582454871175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"midstream":0,"thread_ts_msec":1582454871175,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871152,"flow_last_seen":1582454871200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"midstream":0,"thread_ts_msec":1582454871200,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871069,"flow_last_seen":1582454871207,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1582454871207,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1598,"midstream":0,"thread_ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01159{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2734,"midstream":0,"thread_ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","server_names":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com","alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0"}}
01086{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871069,"flow_last_seen":1582454871237,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"midstream":0,"thread_ts_msec":1582454871237,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871292,"flow_last_seen":1582454871292,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871292,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1582454871292,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871292,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq9RAAEARCXbAqAIQwKgCAbUXADUALUF1Da4BAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAQ=="}
00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871292,"flow_last_seen":1582454871292,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871292,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871292,"flow_last_seen":1582454871292,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871292,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1582454871294,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871294,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRfN0AAEAReF3AqAIBwKgCEAA1tRcAPWwTDa6BgAABAAEAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871294,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871321,"flow_last_seen":1582454871321,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871321,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454871294,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871321,"flow_last_seen":1582454871321,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871321,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1582454871321,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871321,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8nfFAAEAG2qrAqAIQ2O8meIDmAbsuQarwAAAAAKAC\/\/\/zCgAAAgQFtAQCCAr\/\/zcBAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1582454871334,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871334,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8saEAAHUG0frY7yZ4wKgCEAG7gOY64cVhLkGq8aAS6yCKsAAAAgQFZAQCCAofL14G\/\/83AQEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1582454871335,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871335,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0nfJAAEAG2rHAqAIQ2O8meIDmAbsuQarxOuHFYoAQAVei8wAAAQEICv\/\/NwUfL14G"}
00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871321,"flow_last_seen":1582454871339,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871339,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871343,"flow_last_seen":1582454871343,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454871343,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871321,"flow_last_seen":1582454871339,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1582454871339,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871343,"flow_last_seen":1582454871343,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454871343,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1582454871343,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1582454871343,"pkt":"xiwDYGpkTGr2n\/YnCABFAABQq9VAAEARCWbAqAIQwKgCAYtpADUAPJHqlgwBAAABAAAAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871343,"flow_last_seen":1582454871343,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454871343,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871321,"flow_last_seen":1582454871370,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1582454871370,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871343,"flow_last_seen":1582454871343,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454871343,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1582454871321,"flow_last_seen":1582454871370,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"midstream":0,"thread_ts_msec":1582454871370,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1582454871383,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1582454871383,"pkt":"TGr2n\/YnxiwDYGpkCABFAABgqGIAAEARTMnAqAIBwKgCEAA1i2kATI9glgyBgAABAAEAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAALIABKzZFEo="}
00812{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1582454871383,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871496,"flow_last_seen":1582454871496,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871496,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00818{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"midstream":0,"thread_ts_msec":1582454871383,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871496,"flow_last_seen":1582454871496,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871496,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1582454871496,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871496,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq+5AAEARCVzAqAIQwKgCAVlCADUALUQf0TEBAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871496,"flow_last_seen":1582454871496,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871496,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871496,"flow_last_seen":1582454871496,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871496,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1582454871536,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871536,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRnZYAAEARV6TAqAIBwKgCEAA1WUIAPff70TGBgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="}
00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871536,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871553,"flow_last_seen":1582454871553,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871553,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454871536,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871553,"flow_last_seen":1582454871553,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871553,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1582454871553,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871553,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8o7ZAAEAGEyjAqAIQrNkUTKpyAbt9gJSNAAAAAKAC\/\/\/OqgAAAgQFtAQCCAr\/\/zc7AAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1582454871591,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871591,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8n5IAAHUGIkys2RRMwKgCEAG7qnIP+mJJfYCUjqAS6yAAJQAAAgQFZAQCCAqRSuAV\/\/83OwEDAwg="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1582454871592,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871592,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0o7dAAEAGEy\/AqAIQrNkUTKpyAbt9gJSOD\/piSoAQAVcYYgAAAQEICv\/\/N0WRSuAV"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871600,"flow_last_seen":1582454871600,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871600,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871600,"flow_last_seen":1582454871600,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871600,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1582454871600,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871600,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq\/ZAAEARCVTAqAIQwKgCAeYMADUALTc\/5u4BAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAQ=="}
00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871600,"flow_last_seen":1582454871600,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871600,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871600,"flow_last_seen":1582454871600,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871600,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1582454871601,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871601,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRUPMAAEARpEfAqAIBwKgCEAA15gwAPWHd5u6BgAABAAEAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871601,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871553,"flow_last_seen":1582454871614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871623,"flow_last_seen":1582454871623,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871623,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454871601,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871553,"flow_last_seen":1582454871614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1582454871614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871623,"flow_last_seen":1582454871623,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871623,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1582454871623,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871623,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8E0lAAEAGZVPAqAIQ2O8meIDqAbtXpCQEAAAAAKAC\/\/9QRAAAAgQFtAQCCAr\/\/zdNAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1582454871636,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871636,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8YK4AAHYGIe7Y7yZ4wKgCEAG7gOoEIWijV6QkBaAS6yBQGwAAAgQFZAQCCAqpXP8l\/\/83TQEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1582454871641,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871641,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0E0pAAEAGZVrAqAIQ2O8meIDqAbtXpCQFBCFopIAQAVdoXgAAAQEICv\/\/N1GpXP8l"}
00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871553,"flow_last_seen":1582454871657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1582454871657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871623,"flow_last_seen":1582454871671,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871671,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871676,"flow_last_seen":1582454871676,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871676,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1582454871553,"flow_last_seen":1582454871657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"midstream":0,"thread_ts_msec":1582454871657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871623,"flow_last_seen":1582454871671,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1582454871671,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871676,"flow_last_seen":1582454871676,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871676,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1582454871676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871676,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrABAAEARCUrAqAIQwKgCAYHYADUALeidI0IBAAABAAAAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAQ=="}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871676,"flow_last_seen":1582454871676,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871676,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871676,"flow_last_seen":1582454871676,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871676,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1582454871677,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871677,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRtlYAAEARPuTAqAIBwKgCEAA1gdgAPR0+I0KBgAABAAEAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAQMABK3CT3I="}
00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871677,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871623,"flow_last_seen":1582454871702,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871702,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871741,"flow_last_seen":1582454871741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871741,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454871677,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871623,"flow_last_seen":1582454871702,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"midstream":0,"thread_ts_msec":1582454871702,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871741,"flow_last_seen":1582454871741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871741,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1582454871741,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871741,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8FotAAEAGoFXAqAIQrNkUSs0iAbsOnCHhAAAAAKAC\/\/+NXgAAAgQFtAQCCAr\/\/zdqAAAAAAEDAwg="}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871745,"flow_last_seen":1582454871745,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871745,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871745,"flow_last_seen":1582454871745,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871745,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1582454871745,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871745,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8bVhAAEAGDXfAqAIQrcJPco\/wAFDXL1ozAAAAAKAC\/\/+PAwAAAgQFtAQCCAr\/\/zdrAAAAAAEDAwg="}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871772,"flow_last_seen":1582454871772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871772,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871772,"flow_last_seen":1582454871772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871772,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1582454871772,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871772,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8CzhAAEAGb5fAqAIQrcJPco\/yAFDC1DxKAAAAAKAC\/\/\/BPgAAAgQFtAQCCAr\/\/zdyAAAAAAEDAwg="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1582454871781,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871781,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8S\/EAAHUGde+s2RRKwKgCEAG7zSLiUVJTDpwh4qAS6yCWYgAAAgQFZAQCCAoTCsRq\/\/83agEDAwg="}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1582454871784,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871784,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8QWIAAGcGUm2twk9ywKgCEABQj\/AL32zY1y9aNKAS87jv8AAAAgQFlgQCCArQ72G\/\/\/83awEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1582454871786,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871786,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0FoxAAEAGoFzAqAIQrNkUSs0iAbsOnCHi4lFSVIAQAVeungAAAQEICv\/\/N3UTCsRq"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1582454871787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871787,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0bVlAAEAGDX7AqAIQrcJPco\/wAFDXL1o0C99s2YAQAVcQ9wAAAQEICv\/\/N3bQ72G\/"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871804,"flow_last_seen":1582454871804,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871804,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871804,"flow_last_seen":1582454871804,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871804,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1582454871804,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1582454871804,"pkt":"xiwDYGpkTGr2n\/YnCABFAABGrB5AAEARCSfAqAIQwKgCAUfLADUAMmcLPGQBAAABAAAAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQAB"}
00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871804,"flow_last_seen":1582454871804,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871804,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871804,"flow_last_seen":1582454871804,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871804,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1582454871805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1582454871805,"pkt":"TGr2n\/YnxiwDYGpkCABFAABWsEQAAEARRPHAqAIBwKgCEAA1R8sAQmKIPGSBgAABAAEAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQABwAwAAQABAAABKwAErNkVyg=="}
00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454871805,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"midstream":0,"thread_ts_msec":1582454871805,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1582454871807,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871807,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8DHkAAGcGh1atwk9ywKgCEABQj\/Jn2o0VwtQ8S6AS87jgEAAAAgQFlgQCCArQTChF\/\/83cgEDAwg="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1582454871808,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871808,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CzlAAEAGb57AqAIQrcJPco\/yAFDC1DxLZ9qNFoAQAVcBGQAAAQEICv\/\/N3vQTChF"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871814,"flow_last_seen":1582454871814,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871814,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871814,"flow_last_seen":1582454871814,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871814,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1582454871814,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871814,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8CFFAAEAGrQ\/AqAIQrNkVysroAbtCYT8sAAAAAKAC\/\/889QAAAgQFtAQCCAr\/\/zd9AAAAAAEDAwg="}
00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871745,"flow_last_seen":1582454871818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1582454871818,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871823,"flow_last_seen":1582454871823,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871823,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871745,"flow_last_seen":1582454871818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"midstream":0,"thread_ts_msec":1582454871818,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871823,"flow_last_seen":1582454871823,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871823,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1582454871823,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871823,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrCJAAEARCSjAqAIQwKgCASm1ADUALW7k1fkBAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871823,"flow_last_seen":1582454871823,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871823,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871823,"flow_last_seen":1582454871823,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871823,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1582454871824,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871824,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRS4IAAEARqbjAqAIBwKgCEAA1KbUAPSLB1fmBgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="}
00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871824,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454871824,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1582454871827,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871827,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8rCNAAEARCSzAqAIQwKgCAYBAADUAKPh7cqMBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1582454871827,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454871827,"pkt":"TGr2n\/YnxiwDYGpkCABFAABMd48AAEARfbDAqAIBwKgCEAA1gEAAOLeFcqOBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"}
00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871829,"flow_last_seen":1582454871829,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871829,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"midstream":0,"thread_ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871829,"flow_last_seen":1582454871829,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871829,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1582454871829,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871829,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SmpAAEAGbHTAqAIQrNkUTKp+Abul3n3qAAAAAKAC\/\/+8ngAAAgQFtAQCCAr\/\/zeAAAAAAAEDAwg="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871839,"flow_last_seen":1582454871839,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871839,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871839,"flow_last_seen":1582454871839,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871839,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1582454871839,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871839,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8witAAEAGtnDAqAIQ2O8meID2AbsYfvWoAAAAAKAC\/\/+9gwAAAgQFtAQCCAr\/\/zeDAAAAAAEDAwg="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1582454871848,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871848,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8oe8AAHYGHXGs2RXKwKgCEAG7yuig7Cw9QmE\/LaAS6yAtmgAAAgQFZAQCCArvemfU\/\/83fQEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1582454871853,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871853,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CFJAAEAGrRbAqAIQrNkVysroAbtCYT8toOwsPoAQAVdF2AAAAQEICv\/\/N4bvemfU"}
@@ -288,97 +288,97 @@
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1582454871855,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871855,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0wixAAEAGtnfAqAIQ2O8meID2AbsYfvWpTGBDc4AQAVe7FAAAAQEICv\/\/N4fDx9w1"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1582454871867,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871867,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8+7cAAHUGxias2RRMwKgCEAG7qn7jcCu5pd5966AS6yBHnwAAAgQFZAQCCArp2ZEZ\/\/83gAEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1582454871873,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871873,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SmtAAEAGbHvAqAIQrNkUTKp+Abul3n3r43AruoAQAVdf2wAAAQEICv\/\/N4vp2ZEZ"}
00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871814,"flow_last_seen":1582454871879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":594,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1582454871879,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871839,"flow_last_seen":1582454871880,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871880,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871881,"flow_last_seen":1582454871881,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871881,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871814,"flow_last_seen":1582454871879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":594,"midstream":0,"thread_ts_msec":1582454871879,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871839,"flow_last_seen":1582454871880,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1582454871880,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871881,"flow_last_seen":1582454871881,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871881,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1582454871881,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1582454871881,"pkt":"xiwDYGpkTGr2n\/YnCABFAABErDBAAEARCRfAqAIQwKgCAZtQADUAMNjjuKUBAAABAAAAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871881,"flow_last_seen":1582454871881,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871881,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871829,"flow_last_seen":1582454871890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871890,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871839,"flow_last_seen":1582454871911,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871911,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00958{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871814,"flow_last_seen":1582454871913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1582454871913,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871881,"flow_last_seen":1582454871881,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871881,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871829,"flow_last_seen":1582454871890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1582454871890,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871839,"flow_last_seen":1582454871911,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"midstream":0,"thread_ts_msec":1582454871911,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871814,"flow_last_seen":1582454871913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":806,"midstream":0,"thread_ts_msec":1582454871913,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1582454871920,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1582454871920,"pkt":"TGr2n\/YnxiwDYGpkCABFAABUFXQAAEAR38PAqAIBwKgCEAA1m1AAQNQ0uKWBgAABAAEAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARcABKzZFgo="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454871920,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.10"}}
00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871829,"flow_last_seen":1582454871933,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871933,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871947,"flow_last_seen":1582454871947,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871947,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"midstream":0,"thread_ts_msec":1582454871920,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.10"}}
00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871829,"flow_last_seen":1582454871933,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"midstream":0,"thread_ts_msec":1582454871933,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871947,"flow_last_seen":1582454871947,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871947,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1582454871947,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871947,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8i1NAAEAGKc3AqAIQrNkWCq1WAbtFj7zOAAAAAKAC\/\/\/ZVgAAAgQFtAQCCAr\/\/zedAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1582454871972,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871972,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8OOwAAHYGhjSs2RYKwKgCEAG7rVbtvX7+RY+8z6AS6yDuawAAAgQFZAQCCAq7R9gE\/\/83nQEDAwg="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1582454871974,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871974,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0i1RAAEAGKdTAqAIQrNkWCq1WAbtFj7zP7b1+\/4AQAVcGrAAAAQEICv\/\/N6S7R9gE"}
01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871947,"flow_last_seen":1582454872014,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872014,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872015,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"semanticlocation-pa.googleapis.com","ja3":"33490b1d5377580b19f7f9b5849d7991","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872021,"flow_last_seen":1582454872021,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454872021,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871947,"flow_last_seen":1582454872014,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1582454872014,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1582454872015,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"semanticlocation-pa.googleapis.com","ja3":"33490b1d5377580b19f7f9b5849d7991","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454872021,"flow_last_seen":1582454872021,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454872021,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1582454872021,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454872021,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrFBAAEARCPrAqAIQwKgCAdv4ADUALYKcD\/4BAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872021,"flow_last_seen":1582454872021,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454872021,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454872021,"flow_last_seen":1582454872021,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454872021,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1582454872022,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454872022,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRBMwAAEAR8G7AqAIBwKgCEAA12\/gAPTZ5D\/6BgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="}
00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872022,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872031,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454872022,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872031,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1582454872031,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454872031,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8+JhAAEAGvkXAqAIQrNkUTKqEAbsc\/M8rAAAAAKAC\/\/\/0BgAAAgQFtAQCCAr\/\/zezAAAAAAEDAwg="}
01076{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454784313,"flow_last_seen":1582454866536,"flow_idle_time":200000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3584,"flow_avg_l4_payload_len":298,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"}}
00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454869517,"flow_last_seen":1582454872012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5382,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1582454868348,"flow_last_seen":1582454870097,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5016,"flow_avg_l4_payload_len":228,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"ConnCheck"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1582454867151,"flow_last_seen":1582454867312,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":715,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866407,"flow_last_seen":1582454866538,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454792980,"flow_last_seen":1582454853081,"flow_idle_time":200000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":1530,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454825628,"flow_last_seen":1582454825628,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866448,"flow_last_seen":1582454868606,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1582454867688,"flow_last_seen":1582454868211,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5497,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871042,"flow_last_seen":1582454871531,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6624,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1582454871069,"flow_last_seen":1582454872035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5325,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871075,"flow_last_seen":1582454871428,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":323,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454865802,"flow_last_seen":1582454866026,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1582454871152,"flow_last_seen":1582454871906,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":11647,"flow_avg_l4_payload_len":363,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871321,"flow_last_seen":1582454871375,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3562,"flow_avg_l4_payload_len":254,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1582454871623,"flow_last_seen":1582454871978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6380,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1582454871839,"flow_last_seen":1582454872035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4381,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1582454871094,"flow_last_seen":1582454871395,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1510,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1582454871745,"flow_last_seen":1582454871859,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":755,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}}
00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454796360,"flow_last_seen":1582454856384,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1582454868511,"flow_last_seen":1582454870126,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1582454868527,"flow_last_seen":1582454869366,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867323,"flow_last_seen":1582454867358,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}}
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454871058,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454866894,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871553,"flow_last_seen":1582454871667,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871829,"flow_last_seen":1582454872026,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1582454871103,"flow_last_seen":1582454871450,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5661,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1582454871814,"flow_last_seen":1582454872019,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":3276,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1582454784313,"flow_last_seen":1582454866536,"flow_idle_time":200000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3584,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"}}
00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1582454869517,"flow_last_seen":1582454872012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5382,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1582454868348,"flow_last_seen":1582454870097,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5016,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"ConnCheck"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1582454867151,"flow_last_seen":1582454867312,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":715,"flow_tot_l4_payload_len":918,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454866407,"flow_last_seen":1582454866538,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1582454792980,"flow_last_seen":1582454853081,"flow_idle_time":200000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":1530,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454825628,"flow_last_seen":1582454825628,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454866448,"flow_last_seen":1582454868606,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":104,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1582454867688,"flow_last_seen":1582454868211,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5497,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1582454871042,"flow_last_seen":1582454871531,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6624,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1582454871069,"flow_last_seen":1582454872035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5325,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1582454871075,"flow_last_seen":1582454871428,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6802,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454865802,"flow_last_seen":1582454866026,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1582454871152,"flow_last_seen":1582454871906,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":11647,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1582454871321,"flow_last_seen":1582454871375,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3562,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1582454871623,"flow_last_seen":1582454871978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6380,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":7,"flow_first_seen":1582454871839,"flow_last_seen":1582454872035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4381,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1582454871094,"flow_last_seen":1582454871395,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1510,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1582454871745,"flow_last_seen":1582454871859,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":755,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}}
00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1582454796360,"flow_last_seen":1582454856384,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":1582454868511,"flow_last_seen":1582454870126,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":1582454868527,"flow_last_seen":1582454869366,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454867323,"flow_last_seen":1582454867358,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454866803,"flow_last_seen":1582454871058,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454866803,"flow_last_seen":1582454866894,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1582454871553,"flow_last_seen":1582454871667,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1582454871829,"flow_last_seen":1582454872026,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1582454871103,"flow_last_seen":1582454871450,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5661,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1582454871814,"flow_last_seen":1582454872019,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":3276,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","packets-captured":500,"packets-processed":475,"total-skipped-flows":0,"total-l4-payload-len":101980,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":60,"total-detection-updates":43,"total-updates":0,"current-active-flows":0,"total-active-flows":63,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":382,"global_ts_msec":1582454872047}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 500/475
@@ -388,10 +388,10 @@
~~ total active/idle flows...: 63/63
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6240347 bytes
~~ total memory freed........: 6240347 bytes
~~ total memory allocated....: 6240851 bytes
~~ total memory freed........: 6240851 bytes
~~ total allocations/frees...: 121841/121841
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 463 chars
~~ json string max len.......: 2361 chars
~~ json string avg len.......: 1412 chars
~~ json string max len.......: 2366 chars
~~ json string avg len.......: 1414 chars


@@ -1,125 +1,125 @@
00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569687240992}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687240992,"flow_last_seen":1569687240992,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687240992,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687240992,"flow_last_seen":1569687240992,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687240992,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569687240992,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687240992,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya80\/P93YAREABFkgAAAQEIChwNaWayL1Dq"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569687241009,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687241009,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0BhtAADcGQni4GTg1CgAA4wBQ3jXT8\/3dxlcmvYARAOurFAAAAQEICrIv+nscDWlm"}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569687241009,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687241009,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya90\/P93oAQEACb7gAAAQEIChwNaXeyL\/p7"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241064,"flow_last_seen":1569687241064,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687241064,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687241064,"flow_last_seen":1569687241064,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687241064,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1569687241064,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687241064,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/9D4wAAAgQFtAEDAwUBAQgKHA1prQAAAAAEAgAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7580000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"thread_ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7580000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"midstream":1,"thread_ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569687241422,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_msec":1569687241422,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKQ8auVpuYAYEABwEgAAAQEIChwNaxEAIdNWFwMDAGnlEQRtW5ojm6mWGmuJ194WM1mCL2bpF6lVRy8fAR1ACLW+\/3MKXobzfgt7ehMx+gNqTDxT8XKtVt5pIDD++LOG\/\/cqs3TN3c3wAeYVwc4BceqqH837rqaW0xgZLYui1J36mDCwUeIDu0c="}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7580000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"thread_ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7580000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"midstream":1,"thread_ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1569687241425,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_msec":1569687241425,"pkt":"NDY7z3UopHczjPFACABFAgCiFAFAAEAGENwKAACVCgAA4x9J3ABq5Wm5uFSkqoAYARVOTgAAAQEICgAh1UocDWsRFwMDAGlPAxZ+sivF5tip\/a4L1+WZBjanPy6dIIBwPewIOXwBBC++JWdD5zwUQ1UFmtf+v81kwZap7Lx2\/Gcfr+ckh4zK2QCeLZSVHkvGQHTulBE1960y\/ZxOXKVM8M0GvGzhWev1+K8IvZbQRCI="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569687241425,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687241425,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKSqauVqJ4AQD\/zHZwAAAQEIChwNaxMAIdVK"}
00537{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241452,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00544{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241452,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569687241452,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":56,"pkt_l4_len":8,"thread_ts_msec":1569687241452,"pkt":"AQBeAAABLH6BsEqhCABGwAAgGHkAAAECIZ0KAAAB4AAAAZQEAAARCu71AAAAAGluZyBzeXNjZmc="}
00596{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241452,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241656,"flow_last_seen":1569687241656,"flow_idle_time":140000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687241656,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241452,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687241656,"flow_last_seen":1569687241656,"flow_idle_time":140000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687241656,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1569687241656,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"thread_ts_msec":1569687241656,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241656,"flow_last_seen":1569687241656,"flow_idle_time":140000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687241656,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241657,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687241656,"flow_last_seen":1569687241656,"flow_idle_time":140000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687241656,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241657,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1569687241657,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687241657,"pkt":"AQBeAAD7pHczjPFACABGwAAgAABAAAEC+IcKAACV4AAA+5QEAAAWAAkE4AAA+w=="}
00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241657,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241657,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1569687242068,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687242068,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/8\/+wAAAgQFtAEDAwUBAQgKHA1tlQAAAAAEAgAA"}
00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242271,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242271,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1569687242271,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687242271,"pkt":"AQBefwMWpHczjPFACABGwAAgAABAAAEC5m0KAACV7\/8DFpQEAAAWAPbp7\/8DFg=="}
00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242271,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242476,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242271,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242476,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1569687242476,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687242476,"pkt":"AQBef\/\/6pHczjPFACABGwAAgAABAAAEC6YgKAACV7\/\/\/+pQEAAAWAPoE7\/\/\/+g=="}
00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242476,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242476,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1569687243071,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687243071,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/88EwAAAgQFtAEDAwUBAQgKHA1xfQAAAAAEAgAA"}
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1569687244524,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"thread_ts_msec":1569687244524,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245251,"flow_last_seen":1569687245251,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245251,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245251,"flow_last_seen":1569687245251,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245251,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1569687245251,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687245251,"pkt":"LH6BsEqhNDY7z3UoCABFAABE1h4AAP8RQxAKAADjS0tMTM6PADUAMDW7jEkBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AAAEAAQ=="}
00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245251,"flow_last_seen":1569687245251,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245251,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245251,"flow_last_seen":1569687245251,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245251,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1569687245288,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1569687245288,"pkt":"NDY7z3UoLH6BsEqhCABFAABUAABAADYRoh9LS0xMCgAA4wA1zo8AQIZKjEmBgAABAAEAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AAAEAAcAMAAEAAQAAADwABAglZls="}
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1569687245288,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.102.91"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245295,"flow_last_seen":1569687245295,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245295,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"midstream":0,"thread_ts_msec":1569687245288,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.102.91"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245295,"flow_last_seen":1569687245295,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245295,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1569687245295,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687245295,"pkt":"LH6BsEqhNDY7z3UoCABFAABE77wAAEAR6XMKAADjS0tLS+\/LADUAMHT3LLcBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAQ=="}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245295,"flow_last_seen":1569687245295,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245295,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245295,"flow_last_seen":1569687245295,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245295,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1569687245320,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_msec":1569687245320,"pkt":"NDY7z3UoLH6BsEqhCABFAACVAABAADoRnt9LS0tLCgAA4wA178sAgY60LLeBgAABAAAAAQAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAcAYAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwB8AAAABAAAcIAAAA4QAEnUAAAFRgA=="}
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1569687245320,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245321,"flow_last_seen":1569687245321,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245321,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"midstream":0,"thread_ts_msec":1569687245320,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245321,"flow_last_seen":1569687245321,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245321,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1569687245321,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687245321,"pkt":"LH6BsEqhNDY7z3UoCABFAABEwHQAAEARF7sKAADjS0tMTPNyADUAMHBPLLcBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAQ=="}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245321,"flow_last_seen":1569687245321,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245321,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245321,"flow_last_seen":1569687245321,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245321,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1569687245366,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_msec":1569687245366,"pkt":"NDY7z3UoLH6BsEqhCABFAACVAABAADYRod5LS0xMCgAA4wA183IAgYoMLLeBgAABAAAAAQAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAcAYAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwB8AAAABAAAcIAAAA4QAEnUAAAFRgA=="}
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1569687245366,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245379,"flow_last_seen":1569687245379,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687245379,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"midstream":0,"thread_ts_msec":1569687245366,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245379,"flow_last_seen":1569687245379,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687245379,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1569687245379,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687245379,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95WAbsTaDYfAAAAALAC\/\/\/9eAAAAgQFtAEDAwUBAQgKHA16ewAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1569687245420,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687245420,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4kvsAAPcGt2EIJWZbCgAA4wG73lYzzRbpE2g2IJASgADBAwAAAgQFtAEBCAo\/+VnGHA16ew=="}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1569687245420,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245420,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDYgM80W6oAQ\/\/9YmgAAAQEIChwNeqI\/+VnG"}
00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245379,"flow_last_seen":1569687245420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687245420,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245379,"flow_last_seen":1569687245469,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1569687245469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
01484{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245379,"flow_last_seen":1569687245547,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5904,"flow_avg_l4_payload_len":492,"midstream":0,"thread_ts_msec":1569687245547,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687245379,"flow_last_seen":1569687245420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"midstream":0,"thread_ts_msec":1569687245420,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01102{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687245379,"flow_last_seen":1569687245469,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"midstream":0,"thread_ts_msec":1569687245469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
01488{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569687245379,"flow_last_seen":1569687245547,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5904,"midstream":0,"thread_ts_msec":1569687245547,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1569687245576,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5TAbsf\/e\/ecO3V5YAYEAD5fAAAAQEIChwNezsAjX27FwMDADwAAAAAAAAABDacZQu2ja7FJp11i4XaHEcZRuFBd8RaXcXBvhAzXAi\/k3IQYhPu9V\/rSa1OnXc4wt4EKb0="}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1569687245576,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5SAbt7aDL2a\/IufIAYEADmYwAAAQEIChwNezsCYFg6FwMDADwAAAAAAAAAA\/6MZ3K3UnwgKSolneP\/V\/Ul5QfA4HWbTZY4CgoWP92J0WcPzatLmBPNGkrfeEXB3KaiGuM="}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1569687245649,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245649,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8JAACsGUUw0JfOtCgAA4wG73lNw7dXlH\/3wH4AQAAnwQQAAAQEICgCNhOgcDXs7"}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1569687245653,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245653,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VN5AACoGyTA0JfOtCgAA4wG73lJr8i58e2gzN4AQAAkgwQAAAQEICgJgYHkcDXs7"}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245688,"flow_last_seen":1569687245688,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687245688,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245688,"flow_last_seen":1569687245688,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687245688,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1569687245688,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687245688,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95XAbsu53nzAAAAALAC\/\/+c+QAAAgQFtAEDAwUBAQgKHA17pgAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1569687245727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687245727,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4hY0AAPcGxM8IJWZbCgAA4wG73ldszApGLud59JASgAAy9QAAAgQFtAEBCAo\/+Vr5HA17pg=="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1569687245727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245727,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53n0bMwKR4AQ\/\/\/KjAAAAQEIChwNe8w\/+Vr5"}
00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245688,"flow_last_seen":1569687245728,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687245728,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245688,"flow_last_seen":1569687245772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1569687245772,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
01484{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245688,"flow_last_seen":1569687245851,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5959,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1569687245851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246891,"flow_last_seen":1569687246891,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1569687246891,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687245688,"flow_last_seen":1569687245728,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"midstream":0,"thread_ts_msec":1569687245728,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01102{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687245688,"flow_last_seen":1569687245772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"midstream":0,"thread_ts_msec":1569687245772,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
01488{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569687245688,"flow_last_seen":1569687245851,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5959,"midstream":0,"thread_ts_msec":1569687245851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687246891,"flow_last_seen":1569687246891,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"midstream":0,"thread_ts_msec":1569687246891,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1569687246891,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_msec":1569687246891,"pkt":"LH6BsEqhNDY7z3UoCABFAAAzrdgAAP8Ra2cKAADjS0tMTPaDADUAH3AoGBgBAAABAAAAAAAABWxvY2FsAAAGAAE="}
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246891,"flow_last_seen":1569687246891,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1569687246891,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687246891,"flow_last_seen":1569687246891,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"midstream":0,"thread_ts_msec":1569687246891,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1569687246924,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1569687246924,"pkt":"NDY7z3UoLH6BsEqhCABFAAB+AABAADYRofVLS0xMCgAA4wA19oMAah4oGBiBgwABAAAAAQAABWxvY2FsAAAGAAEAAAYAAQAAAyoAQAFhDHJvb3Qtc2VydmVycwNuZXQABW5zdGxkDHZlcmlzaWduLWdycwNjb20AeFjpQAAABwgAAAOEAAk6gAABUYA="}
00770{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687246924,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569687246924,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"midstream":0,"thread_ts_msec":1569687246924,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569687246924,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1569687246924,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687246924,"pkt":"LH6BsEqhNDY7z3UoCABFAAA4dQYAAEABY0UKAADjS0tMTAMDBdoAAAAARQAAfgAAQAA2EaH1S0tMTAoAAOMANfaDAGoAAA=="}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569687246924,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.305435}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246981,"flow_last_seen":1569687246981,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1569687246981,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569687246924,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.305435}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687246981,"flow_last_seen":1569687246981,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"midstream":0,"thread_ts_msec":1569687246981,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1569687246981,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1569687246981,"pkt":"AQBeAAD7GIEORo7ICABFAACMDQUAAP8RwosKAADV4AAA+xTpFOkAeGDHAAAAAAADAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMgAEAACkFoAAAEZQAEgAEAA4AmjqBDkaOyBiBDkaOyA=="}
00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246981,"flow_last_seen":1569687246981,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1569687246981,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00699{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687246981,"flow_last_seen":1569687246981,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"midstream":0,"thread_ts_msec":1569687246981,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1569687246982,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"thread_ts_msec":1569687246982,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AHgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QB4u70AAAAAAAMAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAyAAQAAKQWgAAARlAASAAQADgCaOoEORo7IGIEORo7I"}
00705{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00710{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1569687246982,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687246982,"pkt":"AQBeAAACGIEORo7ICABGAAAgLwcAAAECCvoKAADV4AAAApQEAAAXAAgE4AAA+w=="}
00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1569687246982,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687246982,"pkt":"AQBeAAD7GIEORo7ICABGAAAg0EsAAAECaLwKAADV4AAA+5QEAAAWAAkE4AAA+w=="}
00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247192,"flow_last_seen":1569687247192,"flow_idle_time":200000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1569687247192,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687247192,"flow_last_seen":1569687247192,"flow_idle_time":200000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"midstream":0,"thread_ts_msec":1569687247192,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1569687247192,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1569687247192,"pkt":"GIEORo7INDY7z3UoCABFAAEE6tAAAP8RumAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="}
00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247192,"flow_last_seen":1569687247192,"flow_idle_time":200000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1569687247192,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00699{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687247192,"flow_last_seen":1569687247192,"flow_idle_time":200000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"midstream":0,"thread_ts_msec":1569687247192,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1569687247306,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"thread_ts_msec":1569687247306,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5SAbt7aDM3a\/IufIAYEAAjBQAAAQEIChwNgekCYGB5FwMDADoAAAAAAAAABP6P4Nbq7ON\/6\/AGxu6nGVDbyH\/VD4ZdKbxLWPLfwYcNeZogzNp7TOtgIRax\/b1ZBFBO"}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1569687247306,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"thread_ts_msec":1569687247306,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5TAbsf\/fAfcO3V5YAYEADtVwAAAQEIChwNgekAjYToFwMDADoAAAAAAAAABVQHVjyN4wBxs8m+2i54okht8UdFndDP4vwtKiUe9j1LvsBOOnvld8r5j6XDOjeRQG2g"}
00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247596,"flow_last_seen":1569687247596,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1569687247596,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687247596,"flow_last_seen":1569687247596,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"midstream":0,"thread_ts_msec":1569687247596,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1569687247596,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1569687247596,"pkt":"MzMAAAAWGIEORo7Iht1gAAAAACQAAf6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPANy0AAAAAQQAAAD\/AgAAAAAAAAAAAAAAAAD7"}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247596,"flow_last_seen":1569687247596,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1569687247596,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687247596,"flow_last_seen":1569687247596,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"midstream":0,"thread_ts_msec":1569687247596,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1569687247596,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"thread_ts_msec":1569687247596,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1569687248005,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1569687248005,"pkt":"AQBeAAD7GIEORo7ICABFAACszwUAAP8RAGsKAADV4AAA+xTpFOkAmDTQAAAAAAADAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMAAHADAAMAAEAAA4QABQRTFAtUktFUlVSLU9TWCAoOSnADAAAKQWgAAARlAASAAQADgCaOoEORo7IGIEORo7I"}
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1569687248006,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"thread_ts_msec":1569687248006,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AJgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QCYj8YAAAAAAAMAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAwAAcAMAAwAAQAADhAAFBFMUC1SS0VSVVItT1NYICg5KcAMAAApBaAAABGUABIABAAOAJo6gQ5GjsgYgQ5Gjsg="}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1569687248620,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1569687248620,"pkt":"MzMAAAAWGIEORo7Iht1gAAAAACQAAf6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPANy0AAAAAQQAAAD\/AgAAAAAAAAAAAAAAAAD7"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687249612,"flow_last_seen":1569687249612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687249612,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687249612,"flow_last_seen":1569687249612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687249612,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1569687249612,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687249612,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoT2EAAEAGMCYKAADjuBk4Td5VAFBor5ytCT1EPVAQEAlzBQAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687249612,"flow_last_seen":1569687249612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687249612,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687249612,"flow_last_seen":1569687249612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687249612,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1569687249612,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687249612,"pkt":"LH6BsEqhNDY7z3UoCABFAAAogHcAAEAG\/w8KAADjuBk4Td40AFBjyKiAGk9l7lAQEAA5gAAA"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1569687249631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687249631,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0NJhAADcGE+O4GThNCgAA4wBQ3jQaT2XuY8iogYAQAPO0OwAAAQEICuMU+IIcDWOU"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1569687249631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687249631,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0uJpAADgGjuC4GThNCgAA4wBQ3lUJPUQ9aK+croAQAOvt6gAAAQEICuMU+IIcDWN7"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687251177,"flow_last_seen":1569687251177,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1569687251177,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687251177,"flow_last_seen":1569687251177,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"midstream":0,"thread_ts_msec":1569687251177,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1569687251177,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1569687251177,"pkt":"LH6BsEqhNDY7z3UoCABFAAA+HQ0AAP8R\/CcKAADjS0tMTNZDADUAKtGSphcBAAABAAAAAAAABXByaW50BnZpYXNhdANjb20AAAEAAQ=="}
00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687251177,"flow_last_seen":1569687251177,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1569687251177,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687251177,"flow_last_seen":1569687251177,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"midstream":0,"thread_ts_msec":1569687251177,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1569687251230,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1569687251230,"pkt":"NDY7z3UoLH6BsEqhCABFAACPAABAADYRoeRLS0xMCgAA4wA11kMAe\/FSpheBgwABAAAAAQAABXByaW50BnZpYXNhdANjb20AAAEAAcASAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwBkAAAABAAAcIAAAA4QAEnUAAAFRgA=="}
00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":122,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1569687251230,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687255989,"flow_last_seen":1569687255989,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687255989,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":122,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"midstream":0,"thread_ts_msec":1569687251230,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687255989,"flow_last_seen":1569687255989,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687255989,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1569687255989,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1569687255989,"pkt":"LH6BsEqhNDY7z3UoCABFAAA3enMAAP8RnsgKAADjS0tMTOMrADUAI5+UjycBAAABAAAAAAAABXNsYWNrA2NvbQAAAQAB"}
00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687255989,"flow_last_seen":1569687255989,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687255989,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687255989,"flow_last_seen":1569687255989,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687255989,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1569687256018,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1569687256018,"pkt":"NDY7z3UoLH6BsEqhCABFAABHAABAADcRoSxLS0xMCgAA4wA14ysAM\/asjyeBgAABAAEAAAAABXNsYWNrA2NvbQAAAQABwAwAAQABAAAAIwAEY1YinA=="}
00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1569687256018,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"99.86.34.156"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687256018,"flow_last_seen":1569687256018,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687256018,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"midstream":0,"thread_ts_msec":1569687256018,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"99.86.34.156"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687256018,"flow_last_seen":1569687256018,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687256018,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1569687256018,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687256018,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGqeMKAADjY1YinN5YAbvhhxKGAAAAALAC\/\/8SKwAAAgQFtAEDAwUBAQgKHA2jzgAAAAAEAgAA"}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1569687256050,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687256050,"pkt":"NDY7z3UoLH6BsEqhCABFAAA8AABAAO4G++ZjViKcCgAA4wG73lg6Ai8I4YcSh6AScSDdlgAAAgQFtAQCCApVvxWbHA2jzgEDAwg="}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1569687256050,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687256050,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGqe8KAADjY1YinN5YAbvhhxKHOgIvCYAQEBVtUAAAAQEIChwNo+1VvxWb"}
00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687256018,"flow_last_seen":1569687256050,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569687256050,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687256018,"flow_last_seen":1569687256093,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687256093,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687256018,"flow_last_seen":1569687256050,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1569687256050,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687256018,"flow_last_seen":1569687256093,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"midstream":0,"thread_ts_msec":1569687256093,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1569687259269,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1569687259269,"pkt":"AQBeAAD7GIEORo7ICABFAACMyOAAAP8RBrAKAADV4AAA+xTpFOkAeGDGAAAAAAADAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMgAEAACkFoAAAEZQAEgAEAA4AmzqBDkaOyBiBDkaOyA=="}
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1569687259270,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"thread_ts_msec":1569687259270,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AHgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QB4u7wAAAAAAAMAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAyAAQAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1569687259297,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1569687259297,"pkt":"GIEORo7INDY7z3UoCABFAAEEsFAAAP8R9OAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="}
@@ -127,275 +127,275 @@
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1569687259694,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687259694,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoLkYAAEAGUUEKAADjuBk4Td40AFBjyKiAGk9l7lAQEAA5gAAA"}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1569687260293,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687260293,"pkt":"AQBeAAACGIEORo7ICABGAAAgPP4AAAEC\/QIKAADV4AAAApQEAAAXAAgE4AAA+w=="}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1569687260293,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687260293,"pkt":"AQBeAAD7GIEORo7ICABGAAAgpGYAAAEClKEKAADV4AAA+5QEAAAWAAkE4AAA+w=="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260469,"flow_last_seen":1569687260469,"flow_idle_time":7580000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":1,"thread_ts_msec":1569687260469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687260469,"flow_last_seen":1569687260469,"flow_idle_time":7580000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"midstream":1,"thread_ts_msec":1569687260469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1569687260469,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_msec":1569687260469,"pkt":"LH6BsEqhNDY7z3UoCABFAABaAABAAEAGj+kKAADjI8l8Cd5OAbsN94yysPePlIAYEACJPAAAAQEIChwNtRgGQIQkFwMDACEAAAAAAAAAA3VW6sM2CHDT\/Oy2e1MF3bFmEvrGQamtRJY="}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260469,"flow_last_seen":1569687260469,"flow_idle_time":7580000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":1,"thread_ts_msec":1569687260469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687260469,"flow_last_seen":1569687260469,"flow_idle_time":7580000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"midstream":1,"thread_ts_msec":1569687260469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1569687260489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687260489,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0Bk0AAHoGj8IjyXwJCgAA4wG73k6w94+UDfeM2IAQAPROCgAAAQEICgZA6j4cDbUY"}
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1569687260521,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1569687260521,"pkt":"NDY7z3UoLH6BsEqhCABFAABUBk4AAHoGj6EjyXwJCgAA4wG73k6w94+UDfeM2IAYAPS6xgAAAQEICgZA6l4cDbUYFwMDABsAAAAAAAAABNY2znqkTRgDlTqE63fXsBbyQmM="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260591,"flow_last_seen":1569687260591,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687260591,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687260591,"flow_last_seen":1569687260591,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687260591,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1569687260591,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687260591,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGxu4KAADjCCVgwt5ZEL8UzEFoAAAAALAC\/\/+sRwAAAgQFtAEDAwUBAQgKHA21kQAAAAAEAgAA"}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1569687260620,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687260620,"pkt":"NDY7z3UoLH6BsEqhCABFAABAE+xAAPEGAgIIJWDCCgAA4xC\/3lkWZHs7FMxBabASECzSsgAAAgQFZAEDAwIBAQgKeKa\/ZBwNtZEEAgAA"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1569687260620,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687260620,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEFpFmR7PIAQEAgSNwAAAQEIChwNta14pr9k"}
01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569687260620,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01539{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1308,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":242,"midstream":0,"thread_ts_msec":1569687260667,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","subjectDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01173{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"midstream":0,"thread_ts_msec":1569687260620,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01544{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1308,"flow_tot_l4_payload_len":1456,"midstream":0,"thread_ts_msec":1569687260667,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","subjectDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1569687260751,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1569687260751,"pkt":"LH6BsEqhNDY7z3UoCABFAABXLuMAAP8R6zkKAADjS0tLS\/3MADUAQ49kJ8YBAAABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwAzEyOAIyOAMxNzIHaW4tYWRkcgRhcnBhAAAMAAE="}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1569687260751,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1569687260751,"pkt":"LH6BsEqhNDY7z3UoCABFAABT7b0AAP8RLGMKAADjS0tLS\/CtADUAP6A2wl8BAAABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwATABMAIxMAdpbi1hZGRyBGFycGEAAAwAAQ=="}
00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1569687260767,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1569687260767,"pkt":"NDY7z3UoLH6BsEqhCABFAABXAABAADoRnx1LS0tLCgAA4wA1\/cwAQw7hJ8aBgwABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwAzEyOAIyOAMxNzIHaW4tYWRkcgRhcnBhAAAMAAE="}
00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687260767,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00814{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"midstream":0,"thread_ts_msec":1569687260767,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1569687260772,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1569687260772,"pkt":"NDY7z3UoLH6BsEqhCABFAABTAABAADoRnyFLS0tLCgAA4wA18K0APx+zwl+BgwABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwATABMAIxMAdpbi1hZGRyBGFycGEAAAwAAQ=="}
00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569687260772,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261034,"flow_last_seen":1569687261034,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261034,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00810{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687260772,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687261034,"flow_last_seen":1569687261034,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261034,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1569687261034,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1569687261034,"pkt":"LH6BsEqhNDY7z3UoCABFAABPSYUAAP8R0J8KAADjS0tLS9+tADUAOxFSxpgBAAABAAAAAAAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAAQAB"}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261034,"flow_last_seen":1569687261034,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261034,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261035,"flow_last_seen":1569687261035,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261035,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687261034,"flow_last_seen":1569687261034,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261034,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687261035,"flow_last_seen":1569687261035,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261035,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1569687261035,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1569687261035,"pkt":"LH6BsEqhNDY7z3UoCABFAABPv9YAAP8RWk4KAADjS0tLS86PADUAO9rj8yQBAAABAAAAAAAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAHAAB"}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261035,"flow_last_seen":1569687261035,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261035,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687261035,"flow_last_seen":1569687261035,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261035,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1569687261050,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1569687261050,"pkt":"NDY7z3UoLH6BsEqhCABFAACgAABAADoRntRLS0tLCgAA4wA1360AjBq8xpiBgwABAAAAAQAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAAQABwCMABgABAAACzwBFBm5zLTYzMglhd3NkbnMtMTUDbmV0ABFhd3NkbnMtaG9zdG1hc3RlcgZhbWF6b27AKgAAAAEAABwgAAADhAASdQAAAVGA"}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1569687261050,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"midstream":0,"thread_ts_msec":1569687261050,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1569687261054,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1569687261054,"pkt":"NDY7z3UoLH6BsEqhCABFAACgAABAADoRntRLS0tLCgAA4wA1zo8AjF9N8ySBgwABAAAAAQAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAHAABwCMABgABAAADVABFBm5zLTYzMglhd3NkbnMtMTUDbmV0ABFhd3NkbnMtaG9zdG1hc3RlcgZhbWF6b27AKgAAAAEAABwgAAADhAASdQAAAVGA"}
00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1569687261054,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00692{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687246981,"flow_last_seen":1569687261317,"flow_idle_time":200000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687261317,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
00703{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687246982,"flow_last_seen":1569687261318,"flow_idle_time":200000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687261318,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261485,"flow_last_seen":1569687261485,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261485,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"midstream":0,"thread_ts_msec":1569687261054,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00697{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1569687246981,"flow_last_seen":1569687261317,"flow_idle_time":200000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"midstream":0,"thread_ts_msec":1569687261317,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
00708{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1569687246982,"flow_last_seen":1569687261318,"flow_idle_time":200000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"midstream":0,"thread_ts_msec":1569687261318,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687261485,"flow_last_seen":1569687261485,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261485,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1569687261485,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1569687261485,"pkt":"LH6BsEqhNDY7z3UoCABFAABPCDAAAP8REfUKAADjS0tLS+dWADUAO8LFIuMBAAABAAAAAAAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAAQAB"}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261485,"flow_last_seen":1569687261485,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261485,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261486,"flow_last_seen":1569687261486,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261486,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687261485,"flow_last_seen":1569687261485,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261485,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687261486,"flow_last_seen":1569687261486,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261486,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1569687261486,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1569687261486,"pkt":"LH6BsEqhNDY7z3UoCABFAABPXz4AAP8RuuYKAADjS0tLS965ADUAO3SWXq8BAAABAAAAAAAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAHAAB"}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261486,"flow_last_seen":1569687261486,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261486,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687261486,"flow_last_seen":1569687261486,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261486,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1569687261501,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"thread_ts_msec":1569687261501,"pkt":"NDY7z3UoLH6BsEqhCABFAACDAABAADoRnvFLS0tLCgAA4wA151YAb4gYIuOBgwABAAAAAQAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAAQABwBoABgABAAAcIAAoBmRuczEwMcAiCGRuc2FkbWluwCIBawJtAAAcIAAADhAACTqAAAAcIA=="}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687261501,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"midstream":0,"thread_ts_msec":1569687261501,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1569687261506,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"thread_ts_msec":1569687261506,"pkt":"NDY7z3UoLH6BsEqhCABFAACDAABAADoRnvFLS0tLCgAA4wA13rkAbznpXq+BgwABAAAAAQAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAHAABwBoABgABAAAcIAAoBmRuczEwMcAiCGRuc2FkbWluwCIBawJtAAAcIAAADhAACTqAAAAcIA=="}
00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687261506,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687262866,"flow_last_seen":1569687262866,"flow_idle_time":7580000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":1,"thread_ts_msec":1569687262866,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"midstream":0,"thread_ts_msec":1569687261506,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687262866,"flow_last_seen":1569687262866,"flow_idle_time":7580000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":1,"thread_ts_msec":1569687262866,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1569687262866,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBvT9S8yS4AYEAD8CwAAAQEIChwNvkTkAuRNDi2ISqeLxJuBXTMcrWivnw=="}
00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1569687262866,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAAEWAABAAEAGYIgKAADjot4rmd4xAbu3QBvj9S8yS4AYEACf4gAAAQEIChwNvkTkAuRNC2FzYPnyOhEIxzv9HgAAAQAAAAAABf0HAAAAAAAAAFYAAAAAABO4pgAAAfJ1AAAAGzdZOcQAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAAEjynVwAAAAAACz6PAAAAAABmQ+JAyo3EgU6LQwAAAAAAAAAAAAAACK7duMsBAQAAAAELYXNg+fI6EQjHO\/0eAAABAAAAAAAF\/QcAAAAAAAAAVgAAAAAAE7imAAAB8nUAAAAbN1k5xAAAAAAAAAAAAAAAAAAAAAAAAAAAbAAAAAASPKdXAAAAAAALPo8AAAAAAAAAAQ=="}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1569687262866,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBzF9S8yS4AYEABLrAAAAQEIChwNvkTkAuRNchVP5mraMf5Tgny7zRbHZQ=="}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267035,"flow_last_seen":1569687267035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687267035,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267035,"flow_last_seen":1569687267035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687267035,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1569687267035,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687267035,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95hAbsGNnxMAAAAALAC\/\/9wfAAAAgQFtAEDAwUBAQgKHA3OcQAAAAAEAgAA"}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1569687267077,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687267077,"pkt":"NDY7z3UoLH6BsEqhCABFAAA47VEAAPcGXQsIJWZbCgAA4wG73mHOEwD1BjZ8TZASgABbLAAAAgQFtAEBCAo\/+a5OHA3OcQ=="}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1569687267077,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267077,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnxNzhMA9oAQ\/\/\/yvgAAAQEIChwNzpw\/+a5O"}
01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687267035,"flow_last_seen":1569687267079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569687267079,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01200{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267035,"flow_last_seen":1569687267125,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1569687267125,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
01587{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687267035,"flow_last_seen":1569687267203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5944,"flow_avg_l4_payload_len":495,"midstream":0,"thread_ts_msec":1569687267203,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267453,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687267035,"flow_last_seen":1569687267079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"midstream":0,"thread_ts_msec":1569687267079,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01205{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687267035,"flow_last_seen":1569687267125,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1600,"midstream":0,"thread_ts_msec":1569687267125,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
01591{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569687267035,"flow_last_seen":1569687267203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5944,"midstream":0,"thread_ts_msec":1569687267203,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267453,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1569687267453,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267453,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3eiXsRe4AREAA75QAAAQEIChwN0AsAIb2q"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267453,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267453,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1569687267453,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267453,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAjsAAAAQEIChwN0AsGksZO"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1569687267454,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267454,"pkt":"NDY7z3UopHczjPFACABFAAA0sX1AAEAGc88KAACVCgAA4x9I3iGJexF7JTyt34ARAPMpJgAAAQEICgAh33UcDdAL"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1569687267455,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267455,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3fiXsRfIAQEAAaFwAAAQEIChwN0A0AId91"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267477,"flow_last_seen":1569687267477,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1569687267477,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267477,"flow_last_seen":1569687267477,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"midstream":0,"thread_ts_msec":1569687267477,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1569687267477,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1569687267477,"pkt":"LH6BsEqhNDY7z3UoCABFAAA5Pw0AAP8R2y0KAADjS0tLS9+lADUAJfklv50BAAABAAAAAAAAB21vemlsbGEDb3JnAAABAAE="}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267477,"flow_last_seen":1569687267477,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1569687267477,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267481,"flow_last_seen":1569687267481,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267481,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267477,"flow_last_seen":1569687267477,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"midstream":0,"thread_ts_msec":1569687267477,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267481,"flow_last_seen":1569687267481,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267481,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1569687267481,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1569687267481,"pkt":"LH6BsEqhNDY7z3UoCABFAABG89oAAP8RJlMKAADjS0tLS\/PbADUAMlit7RYBAAABAAAAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQAB"}
00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267481,"flow_last_seen":1569687267481,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267481,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267482,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":61,"midstream":1,"thread_ts_msec":1569687267482,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt?ipv4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267483,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":60,"midstream":1,"thread_ts_msec":1569687267483,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267481,"flow_last_seen":1569687267481,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267481,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1569687249612,"flow_last_seen":1569687267482,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"midstream":1,"thread_ts_msec":1569687267482,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt?ipv4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1569687249612,"flow_last_seen":1569687267483,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"midstream":1,"thread_ts_msec":1569687267483,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1569687267493,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1569687267493,"pkt":"NDY7z3UoLH6BsEqhCABFAABJAABAADoRnytLS0tLCgAA4wA136UANZKzv52BgAABAAEAAAAAB21vemlsbGEDb3JnAAABAAHADAABAAEAAAAaAAQ\/9dDD"}
00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569687267493,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"63.245.208.195"}}
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"midstream":0,"thread_ts_msec":1569687267493,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"63.245.208.195"}}
00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1569687267500,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_msec":1569687267500,"pkt":"NDY7z3UoLH6BsEqhCABFAADkAABAADoRnpBLS0tLCgAA4wA189sA0PLn7RaBgAABAAUAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQABwAwABQABAAAAIwAeDGRldGVjdHBvcnRhbARwcm9kBm1vemF3cwNuZXQAwDYABQABAAAADgAoDGRldGVjdHBvcnRhbAdmaXJlZm94BmNvbS12MgllZGdlc3VpdGXAT8BgAAUAAQAAUnoAFAVhMTA4OQRkc2NkBmFrYW1hacBPwJQAAQABAAAACQAEuBk4UsCUAAEAAQAAAAkABLgZODM="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1569687267500,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.56.82"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267677,"flow_last_seen":1569687267677,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1569687267677,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"midstream":0,"thread_ts_msec":1569687267500,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.56.82"}}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267677,"flow_last_seen":1569687267677,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":1,"thread_ts_msec":1569687267677,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1569687267677,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1569687267677,"pkt":"LH6BsEqhNDY7z3UoCABFAABb+tIAAEAGzQsKAADjNApz0t4vAbv\/h0Qcal\/PeIAYEACaRQAAAQEIChwN0OQwQN34FwMDACIAAAAAAAAAAwpFwR2TiNxP0z\/UzUIiCJ75mBQ8ToLTjZaT"}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267677,"flow_last_seen":1569687267677,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1569687267677,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267677,"flow_last_seen":1569687267677,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":1,"thread_ts_msec":1569687267677,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1569687267713,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1569687267713,"pkt":"NDY7z3UoLH6BsEqhCABFAABXHWRAAOsGv300CnPSCgAA4wG73i9qX894\/4dEQ4AYAHaKdwAAAQEICjBBJbkcDdDkFwMDAB60PFmzucBfQdusHvXD0\/WWAM1faNPMBMLPArfIzdE="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1569687267713,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267713,"pkt":"LH6BsEqhNDY7z3UoCABFAAA09sQAAEAG0UAKAADjNApz0t4vAbv\/h0RDal\/Pm4AQD\/4TQgAAAQEIChwN0QUwQSW5"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1569687267764,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267764,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAihAAAAQEIChwN0TcGksZO"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267797,"flow_last_seen":1569687267797,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267797,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267797,"flow_last_seen":1569687267797,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267797,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1569687267797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267797,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0xfMAAEAGCEEKAADjETmQdN42FGcxHLjbZd23sYAREACqlQAAAQEIChwN0VbVpVJo"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1569687267799,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1569687267799,"pkt":"LH6BsEqhNDY7z3UoCABFAAA72BEAAP8RQicKAADjS0tLS+u1ADUAJxlWhe8BAAABAAAAAAAAA3d3dwVhcHBsZQNjb20AAAEAAQ=="}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1569687267799,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1569687267799,"pkt":"LH6BsEqhNDY7z3UoCABFAABGM9oAAP8R5lMKAADjS0tLS8d0ADUAMjjn9V4BAAABAAAAAAAACTEtY291cmllcgRwdXNoBWFwcGxlA2NvbQAAAQAB"}
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267800,"flow_last_seen":1569687267800,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1569687267800,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267800,"flow_last_seen":1569687267800,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"midstream":0,"thread_ts_msec":1569687267800,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1569687267800,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1569687267800,"pkt":"LH6BsEqhNDY7z3UoCABFAABOdGcAAP8Rpb4KAADjS0tLS+i+ADUAOr+fEJABAAABAAAAAAAACTEtY291cmllcgdzYW5kYm94BHB1c2gFYXBwbGUDY29tAAABAAE="}
00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267800,"flow_last_seen":1569687267800,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1569687267800,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267805,"flow_last_seen":1569687267805,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1569687267805,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267800,"flow_last_seen":1569687267800,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"midstream":0,"thread_ts_msec":1569687267800,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267805,"flow_last_seen":1569687267805,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"midstream":0,"thread_ts_msec":1569687267805,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1569687267805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1569687267805,"pkt":"LH6BsEqhNDY7z3UoCABFAABHoW4AAP8ReL4KAADjS0tLS\/rBADUAMyCpE94BAAABAAAAAAAACjI0LWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAQ=="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267805,"flow_last_seen":1569687267805,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1569687267805,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267812,"flow_last_seen":1569687267812,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1569687267812,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267805,"flow_last_seen":1569687267805,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"midstream":0,"thread_ts_msec":1569687267805,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267812,"flow_last_seen":1569687267812,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"midstream":0,"thread_ts_msec":1569687267812,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1569687267812,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1569687267812,"pkt":"LH6BsEqhNDY7z3UoCABFAAA9PxQAAP8R2yIKAADjS0tLS8sWADUAKZk5eJ4BAAABAAAAAAAABG1haWwGdmlhc2F0A2NvbQAAAQAB"}
00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267812,"flow_last_seen":1569687267812,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1569687267812,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267812,"flow_last_seen":1569687267812,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"midstream":0,"thread_ts_msec":1569687267812,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1569687267814,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":1569687267814,"pkt":"NDY7z3UoLH6BsEqhCABFAADSAABAADoRnqJLS0tLCgAA4wA167UAvhHNhe+BgAABAAQAAAAAA3d3dwVhcHBsZQNjb20AAAEAAcAMAAUAAQAABRUAGwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AMArAAUAAQAAFoEALwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0C2dsb2JhbHJlZGlyBmFrYWRuc8BBwFIABQABAAAE7QAZBWU2ODU4BWRzY2U5CmFrYW1haWVkZ2XAQcCNAAEAAQAAAAcABLgbc6E="}
00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1569687267814,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.27.115.161"}}
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"midstream":0,"thread_ts_msec":1569687267814,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.27.115.161"}}
00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1569687267818,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_msec":1569687267818,"pkt":"NDY7z3UoLH6BsEqhCABFAAE1AABAADoRnj9LS0tLCgAA4wA16L4BIf0XEJCBgAABAAoAAAAACTEtY291cmllcgdzYW5kYm94BHB1c2gFYXBwbGUDY29tAAABAAHADAAFAAEAAElSAC0BMRpjb3VyaWVyLXNhbmRib3gtcHVzaC1hcHBsZQNjb20GYWthZG5zA25ldADAPgAFAAEAAACOACIUdXMtc2FuZGJveC1jb3VyaWVyLTQKcHVzaC1hcHBsZcBbwHcAAQABAAAALgAEEbyKR8B3AAEAAQAAAC4ABBG8hEjAdwABAAEAAAAuAAQRvIbKwHcAAQABAAAALgAEEbyKSMB3AAEAAQAAAC4ABBG8iLrAdwABAAEAAAAuAAQRvIU9wHcAAQABAAAALgAEEbyHusB3AAEAAQAAAC4ABBG8ikY="}
00815{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1569687267818,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.188.138.71"}}
00820{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"midstream":0,"thread_ts_msec":1569687267818,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.188.138.71"}}
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1569687267819,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_msec":1569687267819,"pkt":"NDY7z3UoLH6BsEqhCABFAACwAABAADoRnsRLS0tLCgAA4wA1x3QAnFOt9V6BgAABAAMAAAAACTEtY291cmllcgRwdXNoBWFwcGxlA2NvbQAAAQABwAwABQABAAAYQwAlATESY291cmllci1wdXNoLWFwcGxlA2NvbQZha2FkbnMDbmV0AMA2AAUAAQAAABcAHQ91cy1zdy1jb3VyaWVyLTQKcHVzaC1hcHBsZcBLwGcAAQABAAAAFwAEETmQdA=="}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1569687267819,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.116"}}
00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"midstream":0,"thread_ts_msec":1569687267819,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.116"}}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1569687267820,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_msec":1569687267820,"pkt":"NDY7z3UoLH6BsEqhCABFAABp+WRAADUGn5oROZB0CgAA4xRn3jZl3bexMRy43IAYARnThAAAAQEICtWmYt0cDdFWFQMDADDYQSIj3jkYV2ViIYpeEoheM2HYhDINcbYvi9M0lKa7pHKjHCudSoLIJkInalaEjXI="}
00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267797,"flow_last_seen":1569687267820,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1569687267820,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267797,"flow_last_seen":1569687267820,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"midstream":1,"thread_ts_msec":1569687267820,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1569687267820,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687267820,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoAABAAEAGjkAKAADjETmQdN42FGcxHLjcAAAAAFAEAAAmugAA"}
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1569687267824,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_msec":1569687267824,"pkt":"NDY7z3UoLH6BsEqhCABFAACyAABAADoRnsJLS0tLCgAA4wA1+sEAnlIeE96BgAABAAMAAAAACjI0LWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAcAMAAUAAQAASVMAJgIyNBJjb3VyaWVyLXB1c2gtYXBwbGUDY29tBmFrYWRucwNuZXQAwDcABQABAAAAGwAdD3VzLXN3LWNvdXJpZXItNApwdXNoLWFwcGxlwE3AaQABAAEAAAAuAAQROZAU"}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1569687267824,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.20"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267831,"flow_last_seen":1569687267831,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687267831,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"midstream":0,"thread_ts_msec":1569687267824,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.20"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267831,"flow_last_seen":1569687267831,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687267831,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1569687267831,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1569687267831,"pkt":"LH6BsEqhNDY7z3UoCABFAAA3jBMAAP8RjikKAADjS0tLS8J1ADUAI5qcqN8BAAABAAAAAAAABWFwcGxlA2NvbQAAAQAB"}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267831,"flow_last_seen":1569687267831,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687267831,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267841,"flow_last_seen":1569687267841,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267841,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267831,"flow_last_seen":1569687267831,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687267831,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267841,"flow_last_seen":1569687267841,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267841,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1569687267841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267841,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0KKIAAEAG11YKAADjCCVnxN4nAbsMJdDwho1uAoAR\/\/8iBAAAAQEIChwN0X94psIw"}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1569687267847,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_msec":1569687267847,"pkt":"NDY7z3UoLH6BsEqhCABFAABnAABAADoRnw1LS0tLCgAA4wA1wnUAU2BUqN+BgAABAAMAAAAABWFwcGxlA2NvbQAAAQABwAwAAQABAAAE+gAEEbJgO8AMAAEAAQAABPoABBGOoDvADAABAAEAAAT6AAQRrOAv"}
00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687267847,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.96.59"}}
00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"midstream":0,"thread_ts_msec":1569687267847,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.96.59"}}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1569687267847,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1569687267847,"pkt":"NDY7z3UoLH6BsEqhCABFAABNAABAADoRnydLS0tLCgAA4wA1yxYAOeBneJ6BgAABAAEAAAAABG1haWwGdmlhc2F0A2NvbQAAAQABwAwAAQABAAAAPAAECCVnxA=="}
00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687267847,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.103.196"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267851,"flow_last_seen":1569687267851,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1569687267851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"midstream":0,"thread_ts_msec":1569687267847,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.103.196"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267851,"flow_last_seen":1569687267851,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"midstream":0,"thread_ts_msec":1569687267851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1569687267851,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1569687267851,"pkt":"LH6BsEqhNDY7z3UoCABFAAA9LvsAAP8R6zsKAADjS0tLS+LaADUAKWM2zl4BAAABAAAAAAAAA3d3dwdvdXRsb29rA2NvbQAAAQAB"}
00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267851,"flow_last_seen":1569687267851,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1569687267851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267851,"flow_last_seen":1569687267851,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"midstream":0,"thread_ts_msec":1569687267851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1569687267865,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":1569687267865,"pkt":"NDY7z3UoLH6BsEqhCABFAADYAABAADoRnpxLS0tLCgAA4wA14toAxJ5uzl6BgAABAAcAAAAAA3d3dwdvdXRsb29rA2NvbQAAAQABwAwABQABAAAAzQAUB291dGxvb2sJb2ZmaWNlMzY1wBjALQAFAAEAAABWABkHb3V0bG9vawdtcy1hY2RjBm9mZmljZcAYwE0ABQABAAAHZQAKB3NqYy1lZnrAVcByAAEAAQAAADAABChh3iLAcgABAAEAAAAwAAQ0YAOCwHIAAQABAAAAMAAEKGHdcsByAAEAAQAAADAABDRgEgI="}
00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687267865,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.97.222.34"}}
00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"midstream":0,"thread_ts_msec":1569687267865,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.97.222.34"}}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1569687267881,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267881,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0KOdAAPMG5BAIJWfECgAA4wG73ieGjW4CDCXQ8YAQTdZYOgAAAQEICninPiMcDdF\/"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267988,"flow_last_seen":1569687267988,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267988,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267988,"flow_last_seen":1569687267988,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267988,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1569687267988,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267988,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0c9UAAEAG69IKAADjSn3FvN4qAbvQnkCVU\/eYD4AREABMcgAAAQEIChwN0hGhDZLg"}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687267991,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687267991,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1569687267991,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1569687267991,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKY+gAAAERWl4KAADj7\/\/\/+u+QB2wAtlB4TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687267991,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687267991,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1569687268026,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687268026,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0lz4AAGoGnmlKfcW8CgAA4wG73ipT95gP0J5AloAQAP3kSQAAAQEICqEOCgscDdIR"}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268077,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268077,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1569687268077,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"thread_ts_msec":1569687268077,"pkt":"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"}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268077,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268077,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1569687268176,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687268176,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAg9AAAAQEIChwN0scGksZO"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687268376,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687268376,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1569687268376,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1569687268376,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj5RAAEARlIwKAACXCgAA4wds75ABPzXfSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687268376,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268559,"flow_last_seen":1569687268559,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687268559,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687268376,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687268559,"flow_last_seen":1569687268559,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687268559,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1569687268559,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1569687268559,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKeUwAAAERRPoKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268559,"flow_last_seen":1569687268559,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687268559,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268746,"flow_last_seen":1569687268746,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1569687268746,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687268559,"flow_last_seen":1569687268559,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687268559,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687268746,"flow_last_seen":1569687268746,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"midstream":0,"thread_ts_msec":1569687268746,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1569687268746,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1569687268746,"pkt":"LH6BsEqhNDY7z3UoCABFAAB\/CAgAAEAR+QMKAADjCCVmW9NbAbsAa+4DFgEAAAAAAAAAAAAAVgEAAEoAAAAAAAAASgEA7YnEaZ6hZImmhCHr0JUfCBctWVvywlB71JRnxl7mI4ogm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8AAAIAOQEA"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268746,"flow_last_seen":1569687268746,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1569687268746,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268747,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687268746,"flow_last_seen":1569687268746,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"midstream":0,"thread_ts_msec":1569687268746,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268747,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1569687268747,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"thread_ts_msec":1569687268747,"pkt":"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"}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268747,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268747,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1569687268789,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1569687268789,"pkt":"NDY7z3UoLH6BsEqhCABFAABMkFUAAPcRuegIJWZbCgAA4wG701sAOF8pFgEAAAAAAAAAAAAAIwMAABcAAAAAAAAAFwEAFGKRvPEadu7FYjYhjKxM1MN8EkEd"}
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1569687268790,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_msec":1569687268790,"pkt":"LH6BsEqhNDY7z3UoCABFAACTQPwAAEARv\/sKAADjCCVmW9NbAbsAf9nwFgEAAAAAAAAAAAEAagEAAF4AAQAAAAAAXgEA7YnEaZ6hZImmhCHr0JUfCBctWVvywlB71JRnxl7mI4ogm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8UYpG88Rp27sViNiGMrEzUw3wSQR0AAgA5AQA="}
00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":465,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687268746,"flow_last_seen":1569687268836,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":454,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1569687268836,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269094,"flow_last_seen":1569687269094,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1569687269094,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":465,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1569687268746,"flow_last_seen":1569687268836,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":454,"midstream":0,"thread_ts_msec":1569687268836,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687269094,"flow_last_seen":1569687269094,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"midstream":0,"thread_ts_msec":1569687269094,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1569687269094,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1569687269094,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg7WwAAEAReH0KAADjCgAAAc1zAMAADBGuCAEDEA=="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269223,"flow_last_seen":1569687269223,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687269223,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687269223,"flow_last_seen":1569687269223,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687269223,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1569687269223,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1569687269223,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj6FAAEARlH8KAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269223,"flow_last_seen":1569687269223,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687269223,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687269223,"flow_last_seen":1569687269223,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687269223,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1569687269559,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1569687269559,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKtRAAAAERCTYKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269561,"flow_last_seen":1569687269561,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687269561,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687269561,"flow_last_seen":1569687269561,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687269561,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1569687269561,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687269561,"pkt":"pHczjPFANDY7z3UoCABFAABAAABAAEAGJUEKAADjCgAAld56H0gqQcOaAAAAALAC\/\/9B2AAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269562,"flow_last_seen":1569687269562,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687269562,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687269562,"flow_last_seen":1569687269562,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687269562,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1569687269562,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687269562,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl957H3yCfYpEAAAAALAC\/\/8iuwAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1569687269563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687269563,"pkt":"NDY7z3UopHczjPFACABFAAA8AABAAEAGJUUKAACVCgAA4x9I3np8gG11KkHDm6ASOJBP2wAAAgQFtAQCCAoAIeBIHA3YAQEDAwY="}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1569687269563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687269563,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld56H0gqQcObfIBtdoAQEBWnIAAAAQEIChwN2AIAIeBI"}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269561,"flow_last_seen":1569687269563,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":251,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1569687269563,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}}
00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687269561,"flow_last_seen":1569687269563,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":251,"flow_tot_l4_payload_len":251,"midstream":0,"thread_ts_msec":1569687269563,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1569687269567,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687269567,"pkt":"NDY7z3Uo2DE0IHf7CABFAAA8AABAAEAGJUMKAACXCgAA4x983nsgu1W7gn2KRaASqbA3ZQAAAgQFtAQCCAoGktWOHA3YAQEDAwc="}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1569687269567,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687269567,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYpFILtVvIAQEBX\/yAAAAQEIChwN2AUGktWO"}
01123{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269562,"flow_last_seen":1569687269567,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687269567,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.151","url":"10.0.0.151:8060\/dial\/dd.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
01129{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687269562,"flow_last_seen":1569687269567,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"midstream":0,"thread_ts_msec":1569687269567,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.151","url":"10.0.0.151:8060\/dial\/dd.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1569687269598,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1569687269598,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg\/t4AAEARZwsKAADjCgAAAc1zAMAADAmuEAEDEA=="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687269716,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687269716,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1569687269716,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"thread_ts_msec":1569687269716,"pkt":"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"}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687269716,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687269716,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1569687270260,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1569687270260,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj91AAEARlEMKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1569687270560,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1569687270560,"pkt":"AQBef\/\/6NDY7z3UoCABFAADK9bsAAAERyIoKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1569687270729,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1569687270729,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTkARAAEARlBwKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687270740,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687270740,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1569687270740,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"thread_ts_msec":1569687270740,"pkt":"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"}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687270740,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687270740,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1569687271101,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1569687271101,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgLGIAAEAROYgKAADjCgAAAc1zAMAADBGuCAEDEA=="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687271764,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687271764,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1569687271764,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"thread_ts_msec":1569687271764,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48i24MsCCjOhSFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MzEgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687271764,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687277139,"flow_last_seen":1569687277139,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1569687277139,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687271764,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687277139,"flow_last_seen":1569687277139,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":0,"thread_ts_msec":1569687277139,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1569687277139,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1569687277139,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgVbYAAEARDvYKAADjCgAA\/wCJAIkATLhJRX8wEAABAAAAAAABIEVNRkFDTkZDRUxFRkZDRkZGQ0NORVBGREZJQ0FDQUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687277139,"flow_last_seen":1569687277139,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1569687277139,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687277139,"flow_last_seen":1569687277139,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":0,"thread_ts_msec":1569687277139,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1569687277144,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1569687277144,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABOK\/AAAEAROM4KAADjCgAA\/wCJAIkAOvmHRYABEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1569687277188,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1569687277188,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgQ9oAAEARINIKAADjCgAA\/wCJAIkATMRRRYEwEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1569687281158,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687281158,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0UBJAAPMGvOUIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYkXAAAAQEICnincgAcDdF\/"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687286917,"flow_last_seen":1569687286917,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687286917,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687286917,"flow_last_seen":1569687286917,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687286917,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1569687286917,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687286917,"pkt":"AQBeAAD7pHczjPFACABFAABEAABAAP8RkBgKAACV4AAA+xTpFOkAMI4UAAAAAAABAAAAAAAAC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQ=="}
00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687286917,"flow_last_seen":1569687286917,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687286917,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687286917,"flow_last_seen":1569687286917,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687286917,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1569687286918,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_msec":1569687286918,"pkt":"AQBeAAD7pHczjPFACABFAABpAABAAP8Rj\/MKAACV4AAA+xTpFOkAVS3HAAAAAAABAAAAAAAAJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NgtfZ29vZ2xlem9uZQRfdGNwBWxvY2FsAAAhAAE="}
00734{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1569687286918,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}}
00740{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":117,"midstream":0,"thread_ts_msec":1569687286918,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}}
00749{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1569687286918,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":1569687286918,"pkt":"AQBeAAD7pHczjPFACABFAAD+AABAAP8Rj14KAACV4AAA+xTpFOkA6vJcAACEAAAAAAEAAAADC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQAAAHgAJyQ3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODbADMAuABCAAQAAEZQAOCNpZD0yMERGOEZENkYzMTU5MUQyMDUwNEE5RkQ5OThDMzlFRRNfX2NvbW1vbl90aW1lX189MXwwwC4AIYABAAAAeAAtANIA8ycRJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NsAdwKsAAYABAAAAeAAECgAAlQ=="}
00699{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":343,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1569687286918,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1569687287737,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00704{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":343,"midstream":0,"thread_ts_msec":1569687286918,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1569687287737,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1569687287737,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"thread_ts_msec":1569687287737,"pkt":"AQBeAAABLH6BsEqhCABFwAAkGHoAAAEBtp0KAAAB4AAAAQkA5rYBAgVGCgAAAQAAAAAAAP\/\/Aiw="}
00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1569687287737,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":1.061278}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687268559,"flow_last_seen":1569687271560,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1569687249612,"flow_last_seen":1569687268122,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":3455,"flow_avg_l4_payload_len":181,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}}
00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687269223,"flow_last_seen":1569687272080,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":1244,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1569687249612,"flow_last_seen":1569687268086,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":1372,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}}
00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1569687277139,"flow_last_seen":1569687283186,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":912,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687247192,"flow_last_seen":1569687259297,"flow_idle_time":200000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":2441,"flow_first_seen":1569687268746,"flow_last_seen":1569687289262,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1469,"flow_tot_l4_payload_len":789975,"flow_avg_l4_payload_len":323,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1569687241656,"flow_last_seen":1569687287122,"flow_idle_time":140000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":1920,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1569687246981,"flow_last_seen":1569687272376,"flow_idle_time":200000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1569687241422,"flow_last_seen":1569687286460,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":2200,"flow_avg_l4_payload_len":73,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1569687267797,"flow_last_seen":1569687267821,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1569687260591,"flow_last_seen":1569687262892,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":9167,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687247596,"flow_last_seen":1569687248620,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00907{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569687245379,"flow_last_seen":1569687245725,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8058,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00908{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1569687245688,"flow_last_seen":1569687268830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22452,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":1569687267035,"flow_last_seen":1569687288923,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21688,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1569687269561,"flow_last_seen":1569687269570,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1195,"flow_tot_l4_payload_len":1446,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1569687246982,"flow_last_seen":1569687272377,"flow_idle_time":200000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00927{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1569687269562,"flow_last_seen":1569687273580,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1140,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1569687256018,"flow_last_seen":1569687267492,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":787,"flow_tot_l4_payload_len":3023,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}}
00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1569687287737,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":1.061278}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1569687268559,"flow_last_seen":1569687271560,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":7,"flow_first_seen":1569687249612,"flow_last_seen":1569687268122,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":3455,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1569687269223,"flow_last_seen":1569687272080,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":1244,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1569687249612,"flow_last_seen":1569687268086,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":1372,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}}
00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1569687277139,"flow_last_seen":1569687283186,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":912,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569687247192,"flow_last_seen":1569687259297,"flow_idle_time":200000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":464,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1413,"flow_dst_packets_processed":1028,"flow_first_seen":1569687268746,"flow_last_seen":1569687289262,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1469,"flow_tot_l4_payload_len":789975,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1569687241656,"flow_last_seen":1569687287122,"flow_idle_time":140000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":1920,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":487,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1569687246981,"flow_last_seen":1569687272376,"flow_idle_time":200000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":10,"flow_first_seen":1569687241422,"flow_last_seen":1569687286460,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":2200,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1569687267797,"flow_last_seen":1569687267821,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
01154{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":28,"flow_first_seen":1569687260591,"flow_last_seen":1569687262892,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":9167,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569687247596,"flow_last_seen":1569687248620,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":5,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":5,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00913{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1569687245379,"flow_last_seen":1569687245725,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8058,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":26,"flow_first_seen":1569687245688,"flow_last_seen":1569687268830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22452,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":44,"flow_first_seen":1569687267035,"flow_last_seen":1569687288923,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21688,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00605{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1569687269561,"flow_last_seen":1569687269570,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1195,"flow_tot_l4_payload_len":1446,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}}
00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1569687246982,"flow_last_seen":1569687272377,"flow_idle_time":200000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00931{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1569687269562,"flow_last_seen":1569687273580,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1140,"flow_tot_l4_payload_len":1572,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00705{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":11,"flow_first_seen":1569687256018,"flow_last_seen":1569687267492,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":787,"flow_tot_l4_payload_len":3023,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00597{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}}
00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00576{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","packets-captured":3001,"packets-processed":2997,"total-skipped-flows":0,"total-l4-payload-len":880499,"total-not-detected-flows":2,"total-guessed-flows":6,"total-detected-flows":61,"total-detection-updates":34,"total-updates":0,"current-active-flows":0,"total-active-flows":69,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":399,"global_ts_msec":1569687289262}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 3001/2997
@@ -405,10 +405,10 @@
~~ total active/idle flows...: 69/69
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6226828 bytes
~~ total memory freed........: 6226828 bytes
~~ total memory allocated....: 6227380 bytes
~~ total memory freed........: 6227380 bytes
~~ total allocations/frees...: 124206/124206
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 451 chars
~~ json string max len.......: 1592 chars
~~ json string avg len.......: 1021 chars
~~ json string max len.......: 1596 chars
~~ json string avg len.......: 1023 chars


@@ -1,31 +1,31 @@
00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk-2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1613977585247}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1613977585247,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":1613977585247,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1613977585247,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1613977585247,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C0AAIARAADAqAG7wKgBAeh3ADUAOIRW7CIBAAABAAAAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQAB"}
00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1613977585247,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":1613977585247,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1613977585260,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1613977585260,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcjnRAADkRLxDAqAEBwKgBuwA16HcASAAA7CKBgAABAAEAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAADSNAAEJT3fDw=="}
00809{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1613977585260,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"37.61.223.15"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585542,"flow_last_seen":1613977585542,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1613977585542,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00815{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"midstream":0,"thread_ts_msec":1613977585260,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"37.61.223.15"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585542,"flow_last_seen":1613977585542,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":1613977585542,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1613977585542,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1613977585542,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C4AAIARAADAqAG7wKgBAdhQADUAOIRW6okBAAABAAAAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQAB"}
00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585542,"flow_last_seen":1613977585542,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1613977585542,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585542,"flow_last_seen":1613977585542,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":1613977585542,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1613977585553,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1613977585553,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcBhBAADkRt3TAqAEBwKgBuwA12FAASAAA6omBgAABAAEAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAABtXAAEisckcw=="}
00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1613977585553,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"138.199.36.115"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977595379,"flow_last_seen":1613977595379,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1613977595379,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00817{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"midstream":0,"thread_ts_msec":1613977585553,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"138.199.36.115"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977595379,"flow_last_seen":1613977595379,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1613977595379,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1613977595379,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1613977595379,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDNAAIAGAADAqAG7wKgBstOUG56PGHtIAAAAAIAC+vCE5AAAAgQFtAEDAwgBAQQC"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1613977595380,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1613977595380,"pkt":"2MuK4S0uKDc3AG3ICABFAAA0AABAAEAGtgbAqAGywKgBuxue05RZw\/OWjxh7SYAS\/\/+kVwAAAgQFtAEDAwUEAgAA"}
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1613977595380,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1613977595380,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodDRAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AQBAKE2AAA"}
01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595379,"flow_last_seen":1613977595380,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1613977595380,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01481{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1613977595379,"flow_last_seen":1613977595391,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1705,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1613977595391,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977595407,"flow_last_seen":1613977595407,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1613977595407,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01170{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1613977595379,"flow_last_seen":1613977595380,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"midstream":0,"thread_ts_msec":1613977595380,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01486{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1613977595379,"flow_last_seen":1613977595391,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1705,"midstream":0,"thread_ts_msec":1613977595391,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977595407,"flow_last_seen":1613977595407,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1613977595407,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1613977595407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1613977595407,"pkt":"2MuK4S0uKDc3AG3ICABFAABAAABAAEAGtfrAqAGywKgBu8tHG54tLA3cAAAAALAC\/\/97PgAAAgQFtAEDAwUBAQgKHE34xQAAAAAEAgAA"}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1613977595407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1613977595407,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDlAAIAGAADAqAG7wKgBshuey0dV\/SLKLSwN3YAS\/\/+E5AAAAgQFtAEDAwgBAQQC"}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1613977595407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1613977595407,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBu8tHG54tLA3dVf0iy1AQIABwXwAAAAAAAAAA"}
01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595407,"flow_last_seen":1613977595408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1613977595408,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01579{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1613977595407,"flow_last_seen":1613977595549,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":813,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":179,"midstream":0,"thread_ts_msec":1613977595549,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}}
01279{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1613977595407,"flow_last_seen":1613977595964,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1286,"flow_tot_l4_payload_len":3316,"flow_avg_l4_payload_len":221,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2502,"flow_first_seen":1613977595379,"flow_last_seen":1613977618224,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5506,"flow_tot_l4_payload_len":2002706,"flow_avg_l4_payload_len":800,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
01171{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1613977595407,"flow_last_seen":1613977595408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"midstream":0,"thread_ts_msec":1613977595408,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01584{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1613977595407,"flow_last_seen":1613977595549,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":813,"flow_tot_l4_payload_len":1076,"midstream":0,"thread_ts_msec":1613977595549,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}}
01283{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1613977595407,"flow_last_seen":1613977595964,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1286,"flow_tot_l4_payload_len":3316,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
01189{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":947,"flow_dst_packets_processed":1555,"flow_first_seen":1613977595379,"flow_last_seen":1613977618224,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5506,"flow_tot_l4_payload_len":2002706,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","packets-captured":2521,"packets-processed":2521,"total-skipped-flows":0,"total-l4-payload-len":2006246,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1613977618224}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2521/2521
@@ -35,10 +35,10 @@
~~ total active/idle flows...: 4/4
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6091827 bytes
~~ total memory freed........: 6091827 bytes
~~ total memory allocated....: 6091859 bytes
~~ total memory freed........: 6091859 bytes
~~ total allocations/frees...: 123420/123420
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 455 chars
~~ json string max len.......: 1584 chars
~~ json string avg len.......: 1018 chars
~~ json string max len.......: 1589 chars
~~ json string avg len.......: 1021 chars


@@ -1,19 +1,19 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1591342198821}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591342198821,"flow_last_seen":1591342198821,"flow_idle_time":7580000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1591342198821,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591342198821,"flow_last_seen":1591342198821,"flow_idle_time":7580000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"midstream":1,"thread_ts_msec":1591342198821,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591342198821,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1591342198821,"pkt":"AFBW5dKtAAwplUdeCABFAABbtopAAEAGCwXAqJWBM1PvkI3\/AFB7i54qMVwSUlAY+DR5WwAAFwMDAC7mz9mv7V5op8uDzrVlyYzGPOa22i4SIRv\/ctzVUMWyqJzhwIdSdK\/Qd7DJrcKc"}
00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591342198821,"flow_last_seen":1591342198821,"flow_idle_time":7580000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1591342198821,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591342198821,"flow_last_seen":1591342198821,"flow_idle_time":7580000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"midstream":1,"thread_ts_msec":1591342198821,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1591342198821,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1591342198821,"pkt":"AAwplUdeAFBW5dKtCABFAAAoe1AAAIAGRnIzU++QwKiVgQBQjf8xXBJSe4ueXVAQ+vBP7wAAAAAAAAAA"}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1591342198998,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1591342198998,"pkt":"AFBW5dKtAAwplUdeCABFAABYtotAAEAGCwfAqJWBM1PvkI3\/AFB7i55dMVwSUlAY+DR5WAAAFwMDACvmz9mv7V5oqHbrZghdQbdzwBFFDzsTJ43BfdwI8acT8HfThIVfMXtYD9Ln"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591342199201,"flow_last_seen":1591342199201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1591342199201,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591342199201,"flow_last_seen":1591342199201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1591342199201,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1591342199201,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1591342199201,"pkt":"AFBW5dKtAAwplUdeCABFAAA8CJBAAEAGudPAqJWBM1Pu26oPAFApppzyAAAAAKAC+vB4hwAAAgQFtAQCCAqukMx3AAAAAAEDAwc="}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1591342199366,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1591342199366,"pkt":"AAwplUdeAFBW5dKtCABFAAAse1UAAIAGRx4zU+7bwKiVgQBQqg9odWR8Kaac82AS+vDm4QAAAgQFtAAA"}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1591342199366,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1591342199366,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJFAAEAGuebAqJWBM1Pu26oPAFApppzzaHVkfVAQ+vB4cwAA"}
01297{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1591342199201,"flow_last_seen":1591342199366,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1591342199366,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01356{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1563,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
01559{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":2863,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6943,"flow_first_seen":1591342199201,"flow_last_seen":1591342255171,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2417415,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
01303{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1591342199201,"flow_last_seen":1591342199366,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"midstream":0,"thread_ts_msec":1591342199366,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01361{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1563,"midstream":0,"thread_ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
01564{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":2863,"midstream":0,"thread_ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"midstream":1,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01188{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2942,"flow_dst_packets_processed":4001,"flow_first_seen":1591342199201,"flow_last_seen":1591342255171,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2417415,"midstream":0,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","packets-captured":6963,"packets-processed":6963,"total-skipped-flows":0,"total-l4-payload-len":2418022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_msec":1591342255171}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 6963/6963
@@ -23,10 +23,10 @@
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6212847 bytes
~~ total memory freed........: 6212847 bytes
~~ total memory allocated....: 6212863 bytes
~~ total memory freed........: 6212863 bytes
~~ total allocations/frees...: 127853/127853
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 454 chars
~~ json string max len.......: 1564 chars
~~ json string avg len.......: 998 chars
~~ json string max len.......: 1569 chars
~~ json string avg len.......: 1000 chars


@@ -1,211 +1,211 @@
00468{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"avast_securedns.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1625215624443}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625215624443,"flow_last_seen":1625215624443,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625215624443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625215624443,"flow_last_seen":1625215624443,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625215624443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625215624443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625215624443,"pkt":"eJS0JASgYDjgxTWgCABFAABDZa4AAH8ROYTAqAJktdYjleJyAbsAL0mrSMQBAAABAAAAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAAB"}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625215624443,"flow_last_seen":1625215624443,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625215624443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625215624443,"flow_last_seen":1625215624443,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625215624443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1625215624563,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625215624563,"pkt":"YDjgxTWgeJS0JASgCABFAADM0kQAADIRGWW11iOVwKgCZAG74nIAuMIZSMSBgAABAAEAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":215,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1625241699450}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241699450,"flow_last_seen":1625241699450,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241699450,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241699450,"flow_last_seen":1625241699450,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241699450,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1625241699450,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625241699450,"pkt":"eJS0JASgYDjgxTWgCABFAABDEeYAAH8RjUzAqAJktdYjle8RAbsAL9I803MBAAABAAAAAAAAATIJU0VjdVJlRE5zBUF2YXNUA0NPbQAAEAAB"}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241699450,"flow_last_seen":1625241699450,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241699450,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241699450,"flow_last_seen":1625241699450,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241699450,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1625241699572,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625241699572,"pkt":"YDjgxTWgeJS0JASgCABFAADMLtkAADARvtC11iOVwKgCZAG77xEAuEqr03OBgAABAAEAAAAAATIJU0VjdVJlRE5zBUF2YXNUA0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241701462,"flow_last_seen":1625241701462,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241701462,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241701462,"flow_last_seen":1625241701462,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241701462,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1625241701462,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625241701462,"pkt":"eJS0JASgYDjgxTWgCABFAABDEeoAAH8RjUjAqAJktdYjle2jAbsAL7p1TIkBAAABAAAAAAAAATIJU0VDVXJFZE5zBWF2QVN0A0NPTQAAEAAB"}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241701462,"flow_last_seen":1625241701462,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241701462,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241701462,"flow_last_seen":1625241701462,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241701462,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1625241701583,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625241701583,"pkt":"YDjgxTWgeJS0JASgCABFAADMMogAADIRuSG11iOVwKgCZAG77aMAuDLkTImBgAABAAEAAAAAATIJU0VDVXJFZE5zBWF2QVN0A0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625215624443,"flow_last_seen":1625215624563,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625241701583,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241714666,"flow_last_seen":1625241714666,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241714666,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625215624443,"flow_last_seen":1625215624563,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625241701583,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241714666,"flow_last_seen":1625241714666,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241714666,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1625241714666,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625241714666,"pkt":"eJS0JASgYDjgxTWgCABFAABDXeQAAH8RQU7AqAJktdYjlfU3AbsAL3hGRwQBAAABAAAAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAAB"}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241714666,"flow_last_seen":1625241714666,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241714666,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241714666,"flow_last_seen":1625241714666,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241714666,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1625241714787,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625241714787,"pkt":"YDjgxTWgeJS0JASgCABFAADMRgkAADERpqC11iOVwKgCZAG79TcAuPC0RwSBgAABAAEAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1625320207133}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320207133,"flow_last_seen":1625320207133,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625320207133,"flow_last_seen":1625320207133,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1625320207133,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625320207133,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9IAAH8RU2DAqAJktdYjld0FAbsALycJUJMBAAABAAAAAAAAATIJc2VjVVJlZG5TBUF2YXNUA2NvTQAAEAAB"}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320207133,"flow_last_seen":1625320207133,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625320207133,"flow_last_seen":1625320207133,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1625320207252,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625320207252,"pkt":"YDjgxTWgeJS0JASgCABFAADMnAoAADMRTp+11iOVwKgCZAG73QUAuJ93UJOBgAABAAEAAAAAATIJc2VjVVJlZG5TBUF2YXNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320209063,"flow_last_seen":1625320209063,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625320209063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625320209063,"flow_last_seen":1625320209063,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625320209063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1625320209063,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625320209063,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9YAAH8RU1zAqAJktdYjld29AbsAL+vXy0wBAAABAAAAAAAAATIJU2VjdVJFRG5TBWFWYVNUA0NvTQAAEAAB"}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320209063,"flow_last_seen":1625320209063,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625320209063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625320209063,"flow_last_seen":1625320209063,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625320209063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1625320209184,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625320209184,"pkt":"YDjgxTWgeJS0JASgCABFAADMnWsAADMRTT611iOVwKgCZAG73b0AuGRGy0yBgAABAAEAAAAAATIJU2VjdVJFRG5TBWFWYVNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241699450,"flow_last_seen":1625241699572,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625320209184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241714666,"flow_last_seen":1625241714787,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625320209184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241701462,"flow_last_seen":1625241701583,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625320209184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625241699450,"flow_last_seen":1625241699572,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625320209184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625241714666,"flow_last_seen":1625241714787,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625320209184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625241701462,"flow_last_seen":1625241701583,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625320209184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_msec":1625321673727}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321673727,"flow_last_seen":1625321673727,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625321673727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625321673727,"flow_last_seen":1625321673727,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625321673727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1625321673727,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625321673727,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9wAAH8RU1bAqAJktdYjlcWVAbsAL1g+dw4BAAABAAAAAAAAATIJc2VDdXJFRE5TBUFWQXN0A0NvTQAAEAAB"}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321673727,"flow_last_seen":1625321673727,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625321673727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625321673727,"flow_last_seen":1625321673727,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625321673727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1625321673848,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625321673848,"pkt":"YDjgxTWgeJS0JASgCABFAADMus8AADIRMNq11iOVwKgCZAG7xZUAuNCsdw6BgAABAAEAAAAAATIJc2VDdXJFRE5TBUFWQXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321675283,"flow_last_seen":1625321675283,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625321675283,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625321675283,"flow_last_seen":1625321675283,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625321675283,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1625321675283,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625321675283,"pkt":"eJS0JASgYDjgxTWgCABFAABDS98AAH8RU1PAqAJktdYjle6zAbsAL9OvEl8BAAABAAAAAAAAATIJU0VDdVJFZE5zBWFWYXNUA0NPTQAAEAAB"}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321675283,"flow_last_seen":1625321675283,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625321675283,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625321675283,"flow_last_seen":1625321675283,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625321675283,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1625321675403,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625321675403,"pkt":"YDjgxTWgeJS0JASgCABFAADMuxcAADMRL5K11iOVwKgCZAG77rMAuEweEl+BgAABAAEAAAAAATIJU0VDdVJFZE5zBWFWYXNUA0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625320207133,"flow_last_seen":1625320207252,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625321675403,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625320209063,"flow_last_seen":1625320209184,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625321675403,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625320207133,"flow_last_seen":1625320207252,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625321675403,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625320209063,"flow_last_seen":1625320209184,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625321675403,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1720,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_msec":1625395217252}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217252,"flow_last_seen":1625395217252,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625395217252,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625395217252,"flow_last_seen":1625395217252,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625395217252,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1625395217252,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625395217252,"pkt":"eJS0JASgYDjgxTWgCABFAABDKckAAH8RdWnAqAJktdYjlf26AbsAL3dTP5QBAAABAAAAAAAAATIJc0VjdVJlZE5zBUFWQVNUA2NvTQAAEAAB"}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217252,"flow_last_seen":1625395217252,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625395217252,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625395217252,"flow_last_seen":1625395217252,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625395217252,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1625395217373,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625395217373,"pkt":"YDjgxTWgeJS0JASgCABFAADMg3oAADIRaC+11iOVwKgCZAG7\/boAuO\/BP5SBgAABAAEAAAAAATIJc0VjdVJlZE5zBUFWQVNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217373,"flow_last_seen":1625395217373,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625395217373,"flow_last_seen":1625395217373,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1625395217373,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625395217373,"pkt":"eJS0JASgYDjgxTWgCABFAABDKcUAAH8RdW3AqAJktdYjlejlAbsAL0m4oeQBAAABAAAAAAAAATIJc0VjVXJlRE5TBWF2QVNUA2NPbQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217373,"flow_last_seen":1625395217373,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625395217373,"flow_last_seen":1625395217373,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1625395217373,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625395217373,"pkt":"YDjgxTWgeJS0JASgCABFAADMf00AADMRa1y11iOVwKgCZAG76OUAuMImoeSBgAABAAEAAAAAATIJc0VjVXJlRE5TBWF2QVNUA2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625321673727,"flow_last_seen":1625321673848,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625321675283,"flow_last_seen":1625321675403,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625321673727,"flow_last_seen":1625321673848,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625321675283,"flow_last_seen":1625321675403,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":2150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_msec":1625401091063}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401091063,"flow_last_seen":1625401091063,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625401091063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625401091063,"flow_last_seen":1625401091063,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625401091063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1625401091063,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625401091063,"pkt":"eJS0JASgYDjgxTWgCABFAABDKc0AAH8RdWXAqAJktdYjlc0FAbsAL8xY+0MBAAABAAAAAAAAATIJc2VDdVJFZE5TBWF2YXNUA0NPbQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401091063,"flow_last_seen":1625401091063,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625401091063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625401091063,"flow_last_seen":1625401091063,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625401091063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1625401091190,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625401091190,"pkt":"YDjgxTWgeJS0JASgCABFAADMtpAAADMRNBm11iOVwKgCZAG7zQUAuETH+0OBgAABAAEAAAAAATIJc2VDdVJFZE5TBWF2YXNUA0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401093323,"flow_last_seen":1625401093323,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625401093323,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625401093323,"flow_last_seen":1625401093323,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625401093323,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1625401093323,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625401093323,"pkt":"eJS0JASgYDjgxTWgCABFAABDKdEAAH8RdWHAqAJktdYjldaaAbsALxAyzbUBAAABAAAAAAAAATIJc2VjVVJlRE5zBWFWQVN0A2NvTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401093323,"flow_last_seen":1625401093323,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625401093323,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625401093323,"flow_last_seen":1625401093323,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625401093323,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1625401093443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625401093443,"pkt":"YDjgxTWgeJS0JASgCABFAADMuwEAADIRMKi11iOVwKgCZAG71poAuIigzbWBgAABAAEAAAAAATIJc2VjVVJlRE5zBWFWQVN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625395217373,"flow_last_seen":1625395217373,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625401093443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625395217252,"flow_last_seen":1625395217373,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625401093443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625395217373,"flow_last_seen":1625395217373,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625401093443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625395217252,"flow_last_seen":1625395217373,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625401093443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":25,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":2580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_msec":1625413810414}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625413810414,"flow_last_seen":1625413810414,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625413810414,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625413810414,"flow_last_seen":1625413810414,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625413810414,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1625413810414,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625413810414,"pkt":"eJS0JASgYDjgxTWgCABFAABDy3cAAH8R07rAqAJktdYjld4HAbsAL+Cz9gYBAAABAAAAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625413810414,"flow_last_seen":1625413810414,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625413810414,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625413810414,"flow_last_seen":1625413810414,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625413810414,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1625413810531,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625413810531,"pkt":"YDjgxTWgeJS0JASgCABFAADMKHAAADERxDm11iOVwKgCZAG73gcAuFki9gaBgAABAAEAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625401091063,"flow_last_seen":1625401091190,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625413810531,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625401093323,"flow_last_seen":1625401093443,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625413810531,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625401091063,"flow_last_seen":1625401091190,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625413810531,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625401093323,"flow_last_seen":1625401093443,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625413810531,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":27,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":2795,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_msec":1625477697370}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477697370,"flow_last_seen":1625477697370,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477697370,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477697370,"flow_last_seen":1625477697370,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477697370,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1625477697370,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625477697370,"pkt":"eJS0JASgYDjgxTWgCABFAABDQqcAAH8RXIvAqAJktdYjleMrAbsAL7nVV2EBAAABAAAAAAAAATIJc0VjVVJFZE5zBWFWQVN0A0NvbQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477697370,"flow_last_seen":1625477697370,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477697370,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477697370,"flow_last_seen":1625477697370,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477697370,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1625477697487,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625477697487,"pkt":"YDjgxTWgeJS0JASgCABFAADMthcAADIRNZK11iOVwKgCZAG74ysAuDJEV2GBgAABAAEAAAAAATIJc0VjVVJFZE5zBWFWQVN0A0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477700767,"flow_last_seen":1625477700767,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477700767,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477700767,"flow_last_seen":1625477700767,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477700767,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1625477700767,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625477700767,"pkt":"eJS0JASgYDjgxTWgCABFAABD4k8AAH8RvOLAqAJktdYjlfvnAbsAL7tgPVoBAAABAAAAAAAAATIJc0VjVXJFRE5zBUFWQXN0A0NPTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477700767,"flow_last_seen":1625477700767,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477700767,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477700767,"flow_last_seen":1625477700767,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477700767,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1625477700884,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625477700884,"pkt":"YDjgxTWgeJS0JASgCABFAADMuTUAADIRMnS11iOVwKgCZAG7++cAuDPPPVqBgAABAAEAAAAAATIJc0VjVXJFRE5zBUFWQXN0A0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477702850,"flow_last_seen":1625477702850,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477702850,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477702850,"flow_last_seen":1625477702850,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477702850,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1625477702850,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625477702850,"pkt":"eJS0JASgYDjgxTWgCABFAABD4lMAAH8RvN7AqAJktdYjlcIoAbsAL9+b0x0BAAABAAAAAAAAATIJU0VDdXJFZG5TBUF2QXNUA2NvTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477702850,"flow_last_seen":1625477702850,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477702850,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477702850,"flow_last_seen":1625477702850,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477702850,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1625477702968,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625477702968,"pkt":"YDjgxTWgeJS0JASgCABFAADMurcAADERMfK11iOVwKgCZAG7wigAuFgK0x2BgAABAAEAAAAAATIJU0VDdXJFZG5TBUF2QXNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625413810414,"flow_last_seen":1625413810531,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625477702968,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477738051,"flow_last_seen":1625477738051,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477738051,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625413810414,"flow_last_seen":1625413810531,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625477702968,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477738051,"flow_last_seen":1625477738051,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477738051,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1625477738051,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625477738051,"pkt":"eJS0JASgYDjgxTWgCABFAABD1LsAAH8RynbAqAJktdYjldgPAbsAL4PhWDEBAAABAAAAAAAAATIJc2VjdXJFZE5TBWF2YVN0A2NPbQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477738051,"flow_last_seen":1625477738051,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477738051,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477738051,"flow_last_seen":1625477738051,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477738051,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1625477738172,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625477738172,"pkt":"YDjgxTWgeJS0JASgCABFAADMCxkAADER4ZC11iOVwKgCZAG72A8AuPxPWDGBgAABAAEAAAAAATIJc2VjdXJFZE5TBWF2YVN0A2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477739836,"flow_last_seen":1625477739836,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477739836,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477739836,"flow_last_seen":1625477739836,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477739836,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1625477739836,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625477739836,"pkt":"eJS0JASgYDjgxTWgCABFAABD1L8AAH8RynLAqAJktdYjldsvAbsAL1UmhCwBAAABAAAAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477739836,"flow_last_seen":1625477739836,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477739836,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477739836,"flow_last_seen":1625477739836,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477739836,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1625477739952,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625477739952,"pkt":"YDjgxTWgeJS0JASgCABFAADMDM8AADIR3tq11iOVwKgCZAG72y8AuM2UhCyBgAABAAEAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":37,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":3870,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":18,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":95,"global_ts_msec":1625482316411}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482316411,"flow_last_seen":1625482316411,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482316411,"flow_last_seen":1625482316411,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1625482316411,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482316411,"pkt":"eJS0JASgYDjgxTWgCABFAABDyvUAAH8R1DzAqAJktdYjlfvuAbsAL4YFMq4BAAABAAAAAAAAATIJU2VDVVJFZE5zBWFWYXNUA0NvbQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482316411,"flow_last_seen":1625482316411,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482316411,"flow_last_seen":1625482316411,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1625482316532,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482316532,"pkt":"YDjgxTWgeJS0JASgCABFAADMlTUAADMRVXS11iOVwKgCZAG7++4AuP5zMq6BgAABAAEAAAAAATIJU2VDVVJFZE5zBWFWYXNUA0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482318517,"flow_last_seen":1625482318517,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482318517,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482318517,"flow_last_seen":1625482318517,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482318517,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1625482318517,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482318517,"pkt":"eJS0JASgYDjgxTWgCABFAABDyvkAAH8R1DjAqAJktdYjlcjXAbsALzxZb7EBAAABAAAAAAAAATIJU2VDdXJlRG5TBUFWQVN0A0NvbQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482318517,"flow_last_seen":1625482318517,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482318517,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482318517,"flow_last_seen":1625482318517,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482318517,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1625482318634,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482318634,"pkt":"YDjgxTWgeJS0JASgCABFAADMmQwAADIRUp211iOVwKgCZAG7yNcAuLTHb7GBgAABAAEAAAAAATIJU2VDdXJlRG5TBUFWQVN0A0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477738051,"flow_last_seen":1625477738172,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477702850,"flow_last_seen":1625477702968,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477697370,"flow_last_seen":1625477697487,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477739836,"flow_last_seen":1625477739952,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477700767,"flow_last_seen":1625477700884,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482396199,"flow_last_seen":1625482396199,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482396199,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625477738051,"flow_last_seen":1625477738172,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625477702850,"flow_last_seen":1625477702968,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625477697370,"flow_last_seen":1625477697487,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625477739836,"flow_last_seen":1625477739952,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625477700767,"flow_last_seen":1625477700884,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482396199,"flow_last_seen":1625482396199,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482396199,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1625482396199,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482396199,"pkt":"eJS0JASgYDjgxTWgCABFAABD9goAAH8RqSfAqAJktdYjlfkgAbsALyRTl04BAAABAAAAAAAAATIJc0VDdVJlZG5TBUFWQVN0A0NPbQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482396199,"flow_last_seen":1625482396199,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482396199,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482396199,"flow_last_seen":1625482396199,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482396199,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1625482396320,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482396320,"pkt":"YDjgxTWgeJS0JASgCABFAADMN0IAADMRs2e11iOVwKgCZAG7+SAAuJzBl06BgAABAAEAAAAAATIJc0VDdVJlZG5TBUFWQVN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482399044,"flow_last_seen":1625482399044,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482399044,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482399044,"flow_last_seen":1625482399044,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482399044,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1625482399044,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482399044,"pkt":"eJS0JASgYDjgxTWgCABFAABD9g4AAH8RqSPAqAJktdYjlcNYAbsAL0Y+i0sBAAABAAAAAAAAATIJU0VjVVJFRG5TBUF2QXN0A0NvbQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482399044,"flow_last_seen":1625482399044,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482399044,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482399044,"flow_last_seen":1625482399044,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482399044,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1625482399165,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482399165,"pkt":"YDjgxTWgeJS0JASgCABFAADMOy8AADIRsHq11iOVwKgCZAG7w1gAuL6si0uBgAABAAEAAAAAATIJU0VjVVJFRG5TBUF2QXN0A0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482401089,"flow_last_seen":1625482401089,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482401089,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482401089,"flow_last_seen":1625482401089,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482401089,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1625482401089,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482401089,"pkt":"eJS0JASgYDjgxTWgCABFAABD9hIAAH8RqR\/AqAJktdYjlcJJAbsAL3PfnlkBAAABAAAAAAAAATIJc0VjVVJFZE5zBUFWYXNUA2NvTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482401089,"flow_last_seen":1625482401089,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482401089,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482401089,"flow_last_seen":1625482401089,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482401089,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1625482401211,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482401211,"pkt":"YDjgxTWgeJS0JASgCABFAADMPeEAADIRrci11iOVwKgCZAG7wkkAuOxNnlmBgAABAAEAAAAAATIJc0VjVVJFZE5zBUFWYXNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482484544,"flow_last_seen":1625482484544,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482484544,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482484544,"flow_last_seen":1625482484544,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482484544,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1625482484544,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482484544,"pkt":"eJS0JASgYDjgxTWgCABFAABD\/EEAAH8RovDAqAJktdYjlcqvAbsAL8hTAb8BAAABAAAAAAAAATIJU0VDVXJlRG5zBUFWYXN0A0NvTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482484544,"flow_last_seen":1625482484544,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482484544,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482484544,"flow_last_seen":1625482484544,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482484544,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1625482484661,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482484661,"pkt":"YDjgxTWgeJS0JASgCABFAADMsJIAADIROxe11iOVwKgCZAG7yq8AuEDCAb+BgAABAAEAAAAAATIJU0VDVXJlRG5zBUFWYXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482484661,"flow_last_seen":1625482484661,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482484661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482484661,"flow_last_seen":1625482484661,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482484661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1625482484661,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482484661,"pkt":"eJS0JASgYDjgxTWgCABFAABD\/D0AAH8RovTAqAJktdYjlerfAbsAL5AIOXoBAAABAAAAAAAAATIJc0VjVXJlZE5TBUF2YXN0A2NPTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482484661,"flow_last_seen":1625482484661,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482484661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482484661,"flow_last_seen":1625482484661,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482484661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1625482484661,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482484661,"pkt":"YDjgxTWgeJS0JASgCABFAADMo38AADIRSCq11iOVwKgCZAG76t8AuAh3OXqBgAABAAEAAAAAATIJc0VjVXJlZE5TBUF2YXN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482486856,"flow_last_seen":1625482486856,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482486856,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482486856,"flow_last_seen":1625482486856,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482486856,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1625482486856,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482486856,"pkt":"eJS0JASgYDjgxTWgCABFAABD\/EUAAH8RouzAqAJktdYjldUSAbsAL8JN\/WEBAAABAAAAAAAAATIJc2VDVXJlZG5TBUFWQXN0A0NPTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482486856,"flow_last_seen":1625482486856,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482486856,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482486856,"flow_last_seen":1625482486856,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482486856,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1625482486976,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482486976,"pkt":"YDjgxTWgeJS0JASgCABFAADMt\/IAADMRMre11iOVwKgCZAG71RIAuDq8\/WGBgAABAAEAAAAAATIJc2VDVXJlZG5TBUFWQXN0A0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":5590,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":133,"global_ts_msec":1625482998213}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482998213,"flow_last_seen":1625482998213,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482998213,"flow_last_seen":1625482998213,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1625482998213,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482998213,"pkt":"eJS0JASgYDjgxTWgCABFAABDf48AAH8RH6PAqAJktdYjlfuwAbsAL9NLpcUBAAABAAAAAAAAATIJc0VjdVJlZE5TBUF2YXNUA0NvTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482998213,"flow_last_seen":1625482998213,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482998213,"flow_last_seen":1625482998213,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1625482998333,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482998333,"pkt":"YDjgxTWgeJS0JASgCABFAADM\/oEAADMR7Ce11iOVwKgCZAG7+7AAuEu6pcWBgAABAAEAAAAAATIJc0VjdVJlZE5TBUF2YXNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482318517,"flow_last_seen":1625482318634,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482396199,"flow_last_seen":1625482396320,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482401089,"flow_last_seen":1625482401211,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482484544,"flow_last_seen":1625482484661,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482484661,"flow_last_seen":1625482484661,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482399044,"flow_last_seen":1625482399165,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482316411,"flow_last_seen":1625482316532,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482486856,"flow_last_seen":1625482486976,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483010449,"flow_last_seen":1625483010449,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483010449,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482318517,"flow_last_seen":1625482318634,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482396199,"flow_last_seen":1625482396320,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482401089,"flow_last_seen":1625482401211,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482484544,"flow_last_seen":1625482484661,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482484661,"flow_last_seen":1625482484661,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482399044,"flow_last_seen":1625482399165,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482316411,"flow_last_seen":1625482316532,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482486856,"flow_last_seen":1625482486976,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625483010449,"flow_last_seen":1625483010449,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483010449,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1625483010449,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625483010449,"pkt":"eJS0JASgYDjgxTWgCABFAABDf5MAAH8RH5\/AqAJktdYjlejdAbsALyrioMIBAAABAAAAAAAAATIJc0VDVXJFRG5zBWFWQXN0A2NvTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483010449,"flow_last_seen":1625483010449,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483010449,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625483010449,"flow_last_seen":1625483010449,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483010449,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1625483010570,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625483010570,"pkt":"YDjgxTWgeJS0JASgCABFAADMH70AADMRyuy11iOVwKgCZAG76N0AuKNQoMKBgAABAAEAAAAAATIJc0VDVXJFRG5zBWFWQXN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073336,"flow_last_seen":1625483073336,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073336,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625483073336,"flow_last_seen":1625483073336,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073336,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1625483073336,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625483073336,"pkt":"eJS0JASgYDjgxTWgCABFAABDR0IAAH8RV\/DAqAJktdYjlf4nAbsAL7S54cABAAABAAAAAAAAATIJc0VDVXJFRG5zBWF2QXN0A0NvTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073336,"flow_last_seen":1625483073336,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073336,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625483073336,"flow_last_seen":1625483073336,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073336,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1625483073457,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625483073457,"pkt":"YDjgxTWgeJS0JASgCABFAADMaN0AADIRgsy11iOVwKgCZAG7\/icAuC0o4cCBgAABAAEAAAAAATIJc0VDVXJFRG5zBWF2QXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1625483073457,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625483073457,"pkt":"eJS0JASgYDjgxTWgCABFAABDRz4AAH8RV\/TAqAJktdYjlcrZAbsAL46OWvoBAAABAAAAAAAAATIJU0VjVXJlRG5zBWFWQXN0A2NPbQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1625483073457,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625483073457,"pkt":"YDjgxTWgeJS0JASgCABFAADMZ5oAADIRhA+11iOVwKgCZAG7ytkAuAb9WvqBgAABAAEAAAAAATIJU0VjVXJlRG5zBWFWQXN0A2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1625483073457,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625483073457,"pkt":"eJS0JASgYDjgxTWgCABFAABDRzoAAH8RV\/jAqAJktdYjlczBAbsAL78\/SIEBAAABAAAAAAAAATIJc2VDVXJlZE5zBWFWQVNUA2NPTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1625483073457,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625483073457,"pkt":"YDjgxTWgeJS0JASgCABFAADMX7kAADIRi\/C11iOVwKgCZAG7zMEAuDeuSIGBgAABAAEAAAAAATIJc2VDVXJlZE5zBWFWQVNUA2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":6665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":162,"global_ts_msec":1625511643408}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511643408,"flow_last_seen":1625511643408,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625511643408,"flow_last_seen":1625511643408,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1625511643408,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625511643408,"pkt":"eJS0JASgYDjgxTWgCABFAABDhScAAH8RGgvAqAJktdYjlehSAbsAL7NiOO0BAAABAAAAAAAAATIJU2VDVVJFZG5zBUFWYVN0A2NPTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511643408,"flow_last_seen":1625511643408,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625511643408,"flow_last_seen":1625511643408,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1625511643529,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625511643529,"pkt":"YDjgxTWgeJS0JASgCABFAADM0vYAADMRF7O11iOVwKgCZAG76FIAuCvROO2BgAABAAEAAAAAATIJU2VDVVJFZG5zBUFWYVN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511645426,"flow_last_seen":1625511645426,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625511645426,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625511645426,"flow_last_seen":1625511645426,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625511645426,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1625511645426,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625511645426,"pkt":"eJS0JASgYDjgxTWgCABFAABDhSsAAH8RGgfAqAJktdYjldJPAbsAL0czmx8BAAABAAAAAAAAATIJc2VDVVJFRE5TBWF2QVN0A2NvbQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511645426,"flow_last_seen":1625511645426,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625511645426,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625511645426,"flow_last_seen":1625511645426,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625511645426,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1625511645546,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625511645546,"pkt":"YDjgxTWgeJS0JASgCABFAADM008AADMRF1q11iOVwKgCZAG70k8AuL+hmx+BgAABAAEAAAAAATIJc2VDVVJFRE5TBWF2QVN0A2NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483010449,"flow_last_seen":1625483010570,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482998213,"flow_last_seen":1625482998333,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483073336,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625483010449,"flow_last_seen":1625483010570,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482998213,"flow_last_seen":1625482998333,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625483073336,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":7095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":33,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":176,"global_ts_msec":1625556065479}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556065479,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556065479,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1625556065479,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625556065479,"pkt":"eJS0JASgYDjgxTWgCABFAABDHAQAAH8Rgy7AqAJktdYjldqMAbsAL9sh3zMBAAABAAAAAAAAATIJU2VDVXJlRG5zBUF2QVNUA0NPbQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556065479,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556067432,"flow_last_seen":1625556067432,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556067432,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556065479,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556067432,"flow_last_seen":1625556067432,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556067432,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1625556067432,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625556067432,"pkt":"eJS0JASgYDjgxTWgCABFAABDHAgAAH8RgyrAqAJktdYjlci3AbsAL6ehZCkBAAABAAAAAAAAATIJc0VDVXJlRE5zBWF2YVNUA2NPTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556067432,"flow_last_seen":1625556067432,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556067432,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556067432,"flow_last_seen":1625556067432,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556067432,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1625556067553,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625556067553,"pkt":"YDjgxTWgeJS0JASgCABFAADMazAAADIRgHm11iOVwKgCZAG7yLcAuCAQZCmBgAABAAEAAAAAATIJc0VDVXJlRE5zBWF2YVNUA2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625511643408,"flow_last_seen":1625511643529,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625556067553,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625511645426,"flow_last_seen":1625511645546,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625556067553,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556100118,"flow_last_seen":1625556100118,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556100118,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625511643408,"flow_last_seen":1625511643529,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625556067553,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625511645426,"flow_last_seen":1625511645546,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625556067553,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556100118,"flow_last_seen":1625556100118,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556100118,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1625556100118,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625556100118,"pkt":"eJS0JASgYDjgxTWgCABFAABDGwQAAH8RhC7AqAJktdYjlfy8AbsAL4gY7+wBAAABAAAAAAAAATIJU2VjdXJlRG5TBWFWYVNUA0NvTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556100118,"flow_last_seen":1625556100118,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556100118,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556100118,"flow_last_seen":1625556100118,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556100118,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1625556100236,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625556100236,"pkt":"YDjgxTWgeJS0JASgCABFAADMlbkAADIRVfC11iOVwKgCZAG7\/LwAuACH7+yBgAABAAEAAAAAATIJU2VjdXJlRG5TBWFWYVNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556102196,"flow_last_seen":1625556102196,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556102196,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556102196,"flow_last_seen":1625556102196,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556102196,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1625556102196,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625556102196,"pkt":"eJS0JASgYDjgxTWgCABFAABDGwgAAH8RhCrAqAJktdYjldUVAbsAL6kdFo8BAAABAAAAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556102196,"flow_last_seen":1625556102196,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556102196,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556102196,"flow_last_seen":1625556102196,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556102196,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1625556102314,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625556102314,"pkt":"YDjgxTWgeJS0JASgCABFAADMmGEAADMRUki11iOVwKgCZAG71RUAuCGMFo+BgAABAAEAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":7779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":37,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":194,"global_ts_msec":1625558730271}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558730271,"flow_last_seen":1625558730271,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625558730271,"flow_last_seen":1625558730271,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1625558730271,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625558730271,"pkt":"eJS0JASgYDjgxTWgCABFAABDLFIAAH8RcuDAqAJktdYjldXoAbsALw4O0KsBAAABAAAAAAAAATIJU0VDdXJlZE5zBUFWYVNUA2NvTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558730271,"flow_last_seen":1625558730271,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625558730271,"flow_last_seen":1625558730271,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1625558730389,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625558730389,"pkt":"YDjgxTWgeJS0JASgCABFAADM7EMAADIR\/2W11iOVwKgCZAG71egAuIZ80KuBgAABAAEAAAAAATIJU0VDdXJlZE5zBUFWYVNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558735043,"flow_last_seen":1625558735043,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558735043,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625558735043,"flow_last_seen":1625558735043,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558735043,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1625558735043,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625558735043,"pkt":"eJS0JASgYDjgxTWgCABFAABDLFYAAH8RctzAqAJktdYjlcAAAbsAL9\/2VKsBAAABAAAAAAAAATIJc0VjVVJFZE5TBUFWQVN0A2NvTQAAEAAB"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558735043,"flow_last_seen":1625558735043,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558735043,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625558735043,"flow_last_seen":1625558735043,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558735043,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1625558735164,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625558735164,"pkt":"YDjgxTWgeJS0JASgCABFAADM7yMAADIR\/IW11iOVwKgCZAG7wAAAuFhlVKuBgAABAAEAAAAAATIJc0VjVVJFZE5TBUFWQVN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625558735043,"flow_last_seen":1625558735164,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625556067432,"flow_last_seen":1625556067553,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625556100118,"flow_last_seen":1625556100236,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625556102196,"flow_last_seen":1625556102314,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625558730271,"flow_last_seen":1625558730389,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625558735043,"flow_last_seen":1625558735164,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625556067432,"flow_last_seen":1625556067553,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625556100118,"flow_last_seen":1625556100236,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625556102196,"flow_last_seen":1625556102314,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625558730271,"flow_last_seen":1625558730389,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":8209,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":209,"global_ts_msec":1625558735164}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 77/77
@@ -215,10 +215,10 @@
~~ total active/idle flows...: 39/39
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6045590 bytes
~~ total memory freed........: 6045590 bytes
~~ total memory allocated....: 6045902 bytes
~~ total memory freed........: 6045902 bytes
~~ total allocations/frees...: 121105/121105
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 473 chars
~~ json string max len.......: 702 chars
~~ json string avg len.......: 587 chars
~~ json string max len.......: 707 chars
~~ json string avg len.......: 590 chars


@@ -1,31 +1,31 @@
00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1486012623234}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012623234,"flow_last_seen":1486012623234,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012623234,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012623234,"flow_last_seen":1486012623234,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012623234,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1486012623234,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1486012623234,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3821AAEARVP\/AqCtbBAICBIx+ADUAYyoIa68BAAABAAAAAAAAODA1ZTEwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012623234,"flow_last_seen":1486012623234,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012623234,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012623234,"flow_last_seen":1486012623234,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012623234,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1486012624242,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1486012624242,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB38+5AAEARVH7AqCtbBAICBIx+ADUAY73N0g0BAAABAAAAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012623234,"flow_last_seen":1486012624242,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012624242,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00974{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1486012623234,"flow_last_seen":1486012624242,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"midstream":0,"thread_ts_msec":1486012624242,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1486012624325,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1486012624325,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1jH4AhhPK0g2BgAABAAEAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEjYzNGYwMGE2MjEwMTBhMDAwMMBF"}
01080{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1486012624325,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012635073,"flow_last_seen":1486012635073,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012635073,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01085{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":308,"midstream":0,"thread_ts_msec":1486012624325,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073,"flow_last_seen":1486012635073,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012635073,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1486012635073,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1486012635073,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+zhAAEARTTTAqCtbBAICBNwiADUAYwrvCk0BAAABAAAAAAAAODI0NDMwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012635073,"flow_last_seen":1486012635073,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012635073,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073,"flow_last_seen":1486012635073,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012635073,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1486012636079,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1486012636079,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+7NAAEARTLnAqCtbBAICBNwiADUAY1S7n3sBAAABAAAAAAAAODZiNTAwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012635073,"flow_last_seen":1486012636079,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012636079,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00974{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073,"flow_last_seen":1486012636079,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"midstream":0,"thread_ts_msec":1486012636079,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1486012637085,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1486012637085,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/ElAAEARTCPAqCtbBAICBNwiADUAY0RMqrgBAAABAAAAAAAAOGUxOGYwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1486012635073,"flow_last_seen":1486012637085,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":273,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012637085,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1486012635073,"flow_last_seen":1486012638093,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012638093,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00969{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1486012635073,"flow_last_seen":1486012639101,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":455,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012639101,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01080{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1486012635073,"flow_last_seen":1486012639174,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":577,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1486012639174,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012730177,"flow_last_seen":1486012730177,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012730177,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00974{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073,"flow_last_seen":1486012637085,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":273,"midstream":0,"thread_ts_msec":1486012637085,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00974{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073,"flow_last_seen":1486012638093,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":364,"midstream":0,"thread_ts_msec":1486012638093,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00975{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073,"flow_last_seen":1486012639101,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":455,"midstream":0,"thread_ts_msec":1486012639101,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01086{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1486012635073,"flow_last_seen":1486012639174,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":577,"midstream":0,"thread_ts_msec":1486012639174,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012730177,"flow_last_seen":1486012730177,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012730177,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1486012730177,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1486012730177,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3Lk5AAEARGh\/AqCtbBAICBLdxADUAYz49\/HsBAAABAAAAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012730177,"flow_last_seen":1486012730177,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012730177,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012730177,"flow_last_seen":1486012730177,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012730177,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1486012730381,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1486012730381,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1t3EAhvb+\/HuBgAABAAEAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEmRlNjkwMGU2ZGE2ZWEyMDAwMMBF"}
01082{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1486012730381,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
01087{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":217,"midstream":0,"thread_ts_msec":1486012730381,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1486012730381,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1486012730381,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRLntAAEARGhjAqCtbBAICBLdxADUAPY6IeT8BAAABAAAAAAAAEmI1NDEwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1486012730177,"flow_last_seen":1486012733669,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00926{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":349,"flow_first_seen":1486012635073,"flow_last_seen":1486012727540,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":80215,"flow_avg_l4_payload_len":229,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00923{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1486012623234,"flow_last_seen":1486012630741,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":1620,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00928{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1486012730177,"flow_last_seen":1486012733669,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":1495,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":203,"flow_dst_packets_processed":146,"flow_first_seen":1486012635073,"flow_last_seen":1486012727540,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":80215,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00929{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1486012623234,"flow_last_seen":1486012630741,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":1620,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","packets-captured":382,"packets-processed":382,"total-skipped-flows":0,"total-l4-payload-len":83330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1486012733669}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 382/382
@@ -35,10 +35,10 @@
~~ total active/idle flows...: 3/3
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6016599 bytes
~~ total memory freed........: 6016599 bytes
~~ total memory allocated....: 6016623 bytes
~~ total memory freed........: 6016623 bytes
~~ total allocations/frees...: 121272/121272
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 471 chars
~~ json string max len.......: 1087 chars
~~ json string avg len.......: 778 chars
~~ json string max len.......: 1092 chars
~~ json string avg len.......: 780 chars


@@ -1,44 +1,44 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bitcoin.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1301327937725}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301327937725,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301327937725,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1301327937725,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301327937725,"pkt":"ACPrIpS0ACNshovhCABFAACdb3BAAEAGdmXAqAGOvKXVqdgVII1UFpaF9ORId4AY\/\/\/XwQAAAQEICicy22Mwkrss+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABBsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/vKXVqSCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/AqAGOII3ZMDrPGxAeDAD6vQEA"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301327937725,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301327937725,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1301327937800,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301327937800,"pkt":"ACNshovhACPrIpS0CABFAACd8zJAADQG\/qK8pdWpwKgBjiCN2BX05Eh3VBaWhYAYAC7fMwAAAQEICjCSu0gnMttj+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABqsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtgVAQAAAAAAAAAAAAAAAAAAAAAA\/\/+8pdWpII1MLcnArv8XlgAGwwEA"}
01828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1301327937931,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1067,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1067,"pkt_l4_len":1033,"thread_ts_msec":1301327937931,"pkt":"ACPrIpS0ACNshovhCABFAAQdZEVAAEAGfhDAqAGOvKXVqdgVII1UFpbu9ORI4IAY\/\/\/JGQAAAQEICicy22UwkrtL+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZZ2V0YmxvY2tzAAAApQMAAGlfIuqcfAAAHKh7ybVTxuZIQjrl7yTcgS++hNhBt1zq9NegAAAAAAAA0isW7TPLR9+QJv0A5WbZVCvm695mFYsw+RcAAAAAAAAKtKqLikjG018uz8LfLAtdjFIkeP\/i1erq1gAAAAAAAJBdQRxOhTejsSgFAkOe4jLdh+MgkNThEJ18AAAAAAAAuqLvaBfSt3u\/xIqIdA14a1vMRWgufw\/9NSQAAAAAAABmO+ZaHQMV8GVsd2tLL4rFQTc0+9Vfwkt\/KAAAAAAAAJT+LTuh4xfC31zGm\/GrV7uiO60OaIRMkzcNAAAAAAAAuhdRV0aXd6Zg2v\/d1GRW41CXeTNnyZ2lADQAAAAAAADN6C3MlB3uxd0izHdkP3dhS0au0yU7AWAQZwAAAAAAAL+B7POHga71M99A8Eu3CYdV7ruvTTFqTRaEAAAAAAAA3UsnAThWfVMwqZa+fYK\/+mnwaocTsbQIG1kAAAAAAADey3zxujtbDGk\/QTgO92YcU4PswnA6nOZ6FgAAAAAAAMDzxV+Dq1G5LChOJMi\/klliIw7dOCRLUwU1AAAAAAAAPos8A4n6clF7nKE4hFivm22s790lzTk\/xUsAAAAAAAC0sS5A1Mm4fwV3yc3Q1LndsofGdqv023cDhAAAAAAAAGvuGwU2Et\/fX33Zfbvd3fo\/8TaDBcaUcU3CAAAAAAAAP2JWK5H+eMf+Pv\/jSxNvOoqfqtxRlUdLIhEAAAAAAADJveYZh3372qwQQlL9GVXITa9jJ6DXXZhGDQAAAAAAAKMYV6DpTz6VcKhTn2GDUxJn1w6c\/OztngqRAAAAAAAABDCPkjdagfw0FOqHQEeRGYOTGUOY4U7Z+TMAAAAAAABH73UkZZo8i3KUfaLV4BIT5FRuJgLU9+S6PwAAAAAAAEhKQKlsPJI3JIw8Tb+HHwelgYW13heoG+NwAAAAAAAAGoeNNbO0PKw7FoNOsSIzS8W\/U8wXt9nuho8AAAAAAADVlxLK6O44NewFXywS+BNdzYycb7g7WSY\/qQEAAAAAAKqI+qWcSpEbTrldQNWUJik+3hdENRtaz0ynBAAAAAAA\/6kPGMjbu4hU+GZN83C9X6Hc1si6bqd\/l3UhAAAAAABKw0jIrFFXJp9oPx6NizqHl5jwjXfMij2VrHIgAAAAAG\/ijAq28bNywaaiRq5j90+THoNl4VoInGjWGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328089970,"flow_last_seen":1301328089970,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328089970,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301328089970,"flow_last_seen":1301328089970,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328089970,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1301328089970,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328089970,"pkt":"ACPrIpS0ACNshovhCABFAACdrppAAEAGTZrAqAGORXY2etggII0QKtRyRVLzIYAY\/\/\/YagAAAQEICicy4VQAPPkD+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/RXY2eiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII3pIMJ+i724nwBQvgEA"}
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328089970,"flow_last_seen":1301328089970,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328089970,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301328089970,"flow_last_seen":1301328089970,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328089970,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1301328090023,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328090023,"pkt":"ACNshovhACPrIpS0CABFAACdT81AAHYGdmdFdjZ6wKgBjiCN2CBFUvMhECrU24AYAQRFgAAAAQEICgA8+QknMuFU+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtggAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FdjZ6II3xDaOK7c9BwgAGwwEA"}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1301328090082,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328090082,"pkt":"ACNshovhACPrIpS0CABFAABIT85AAHYGdrtFdjZ6wKgBjiCN2CBFUvOKECrU24AYAQQkRgAAAQEICgA8+RAnMuFV+b602XZlcmFjawAAAAAAAAAAAAA="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328319392,"flow_last_seen":1301328319392,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328319392,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301328319392,"flow_last_seen":1301328319392,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328319392,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1301328319392,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328319392,"pkt":"ACPrIpS0ACNshovhCABFAACdlslAAEAG4RzAqAGOSlm15dg0II2cIEOJr5xIoIAY\/\/\/04QAAAQEICicy6kgDS\/0c+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAC\/sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/Slm15SCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII2qu+Pk33arXQC9vgEA"}
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328319392,"flow_last_seen":1301328319392,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328319392,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301328319392,"flow_last_seen":1301328319392,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328319392,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1301328319451,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328319451,"pkt":"ACNshovhACPrIpS0CABFAACdR2RAAHYG+oFKWbXlwKgBjiCN2DSvnEignCBD8oAYAQSuQgAAAQEICgNL\/SInMupI+b602XZlcnNpb24AAAAAAFUAAAAAfQAAAQAAAAAAAAC4sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtg0AQAAAAAAAAAAAAAAAAAAAAAA\/\/9KWbXlII1O39\/bLGJPkgAHwwEA"}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1301328319554,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328319554,"pkt":"ACNshovhACPrIpS0CABFAABIR4lAAHYG+rFKWbXlwKgBjiCN2DSvnEkJnCBD8oAYAQTU7AAAAQEICgNL\/S8nMupI+b602XZlcmFjawAAAAAAAAAAAAA="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328472925,"flow_last_seen":1301328472925,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328472925,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301328472925,"flow_last_seen":1301328472925,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328472925,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1301328472925,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328472925,"pkt":"ACPrIpS0ACNshovhCABFAACde+1AAEAGZt3AqAGOQkRTFthXII0tj7Vf9ZidkYAY\/\/+IsAAAAQEICicy8EYAAAAA+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABYspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/QkRTFiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII21Dgd4gTLgpgDgvgEA"}
00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328472925,"flow_last_seen":1301328472925,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328472925,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301328472925,"flow_last_seen":1301328472925,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328472925,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1301328472987,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328472987,"pkt":"ACNshovhACPrIpS0CABFAACdMqtAAG8GgR9CRFMWwKgBjiCN2Ff1mJ2RLY+1yIAY\/5aM3QAAAQEICgBK7W0nMvBG+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABZspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthXAQAAAAAAAAAAAAAAAAAAAAAA\/\/9CRFMWII0z3Rs+AfeDdwAHwwEA"}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1301328473077,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328473077,"pkt":"ACNshovhACPrIpS0CABFAABIMqxAAG8GgXNCRFMWwKgBjiCN2Ff1mJ36LY+1yIAY\/5avrAAAAQEICgBK7W4nMvBG+b602XZlcmFjawAAAAAAAAAAAAA="}
00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":215,"packets-processed":214,"total-skipped-flows":0,"total-l4-payload-len":260266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1301328538215}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1301328699728,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328699728,"pkt":"ACPrIpS0ACNshovhCABFAACdK9RAAEAGd8TAqAGOw9oQsthoII1BDXcu4yOzE4AY\/\/9L7wAAAQEICicy+R8AACIN+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAA7s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/w9oQsiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII38Ree1v7hQ3gC4wAEA"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1301328699856,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328699856,"pkt":"ACNshovhACPrIpS0CABFAACdBc9AAHUGaMnD2hCywKgBjiCN2GjjI7MTQQ13l4AYAQQ8gQAAAQEICgAAIhwnMvkf+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAAA4s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthoAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/D2hCyII0FGo5IhpYwXgAKwwEA"}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1301328699969,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328699969,"pkt":"ACNshovhACPrIpS0CABFAABIBdlAAHUGaRTD2hCywKgBjiCN2GjjI7N8QQ13l4AYAQRZWQAAAQEICgAAIignMvkg+b602XZlcmFjawAAAAAAAAAAAAA="}
00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":495,"packets-processed":494,"total-skipped-flows":0,"total-l4-payload-len":520135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1301329138452}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1301329304767,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301329304767,"pkt":"ACPrIpS0ACNshovhCABFAACdDAhAAEAGDmvAqAGOuDqld9i\/II0stRatNDMFDIAY\/\/9S8AAAAQEICiczELoAVdzf+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAACYtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/uDqldyCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII0b7ZMAlkQ1dwALwwEA"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1301329304813,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301329304813,"pkt":"ACNshovhACPrIpS0CABFAACdBMxAAHQG4aa4OqV3wKgBjiCN2L80MwUMLLUWrYAYAQTgGAAAAQEICgBV3OcnMxC6+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAACQtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHti\/AQAAAAAAAAAAAAAAAAAAAAAA\/\/+4OqV3II2BHa1kLxLeCgCuwgEA"}
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1301329305005,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1301329305005,"pkt":"ACPrIpS0ACNshovhCABFAACX6RJAAEAGMWbAqAGOuDqld9i\/II0stRcWNDMFdYAY\/\/+hogAAAQEICiczEL0AVdz7+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZYWRkcgAAAAAAAAAAHwAAAKr+QCYBbLWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHiCN"}
00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":622,"packets-processed":621,"total-skipped-flows":0,"total-l4-payload-len":537564,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1301329743430}
00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":152141,"flow_avg_l4_payload_len":884,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74897,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1061,"flow_tot_l4_payload_len":2684,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":161,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":104984,"flow_avg_l4_payload_len":652,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":182136,"flow_avg_l4_payload_len":1310,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":117,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":152141,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":47,"flow_dst_packets_processed":72,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74897,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":3,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1061,"flow_tot_l4_payload_len":2684,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":65,"flow_dst_packets_processed":96,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":104984,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":3,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":137,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":182136,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-payload-len":539032,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_msec":1301329810839}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 637/637
@@ -48,8 +48,8 @@
~~ total active/idle flows...: 6/6
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6035058 bytes
~~ total memory freed........: 6035058 bytes
~~ total memory allocated....: 6035106 bytes
~~ total memory freed........: 6035106 bytes
~~ total allocations/frees...: 121535/121535
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 463 chars


@@ -1,136 +1,136 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1455469967246}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1455469967246,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469967246,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="}
00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
01344{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1455469967465,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":624,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":624,"pkt_l4_len":590,"thread_ts_msec":1455469967465,"pkt":"xCwDBkn+LFbcjDU0CABFAAJiKFpAAHUG7uJSOthzwKgBA5Whzpinc5NTxcwDkoAZ\/SDtQgAAAQEICgCEQ0UZ2\/AZNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTllMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI4ODhlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/9\/b\/v\/\/\/\/\/\/\/\/\/+\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/+\/3\/9\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/++\/\/\/\/\/\/\/\/\/3\/\/\/9\/\/\/\/f\/9\/\/\/\/\/9\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/7\/\/\/\/+AAAAABQQAAAJlAAAABQQAAALYAAAABQQAAAB+AAAABQQAAACJAAAABQQAAAE5AAAABQQAAAARAAAABQQAAAK+AAAABQQAAAMvAAAABQQAAAKkAAAABQQAAAGlAAAABQQAAADmAAAABQQAAAHxAAAABQQAAANdAAAABQQAAABXAAAABQQAAADTAAAABQQAAANxAAAABQQAAAJrAAAABQQAAACTAAAABQQAAAFjAAAABQQAAALoAAAABQQAAACGAAAABQQAAAG8AAAABQQAAAMMAAAABQQAAAGu"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1455469967550,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469967550,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4KZJAAEAGAADAqAEDUjlhU86Xz5EMkOfxIylUooAY70J1ogAAAQEIChnb8UUAFHnUE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhJMcBHQL4ndrvA="}
00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1455469967858,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1455469967858,"pkt":"xCwDBkn+LFbcjDU0CABFAACkC49AAHcGgo1SOWFTwKgBA8+RzpcjKVSiDJDoNYAYAQJHBAAAAQEICgAUefwZ2\/FFE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wornNx4q0nl1XkqQAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTNlMQ=="}
01304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1455469968002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"thread_ts_msec":1455469968002,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDC5FAAHcGgOxSOWFTwKgBA8+RzpcjKVUSDJDoNYAZAQLSoQAAAQEICgAUef4Z2\/FFOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUzMTM3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg4N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/93\/\/\/\/\/\/\/\/\/\/\/+f\/\/\/\/\/7\/\/\/3\/\/\/\/\/\/\/\/v\/\/\/v\/+\/\/3\/\/\/\/\/9\/\/\/\/\/\/1\/\/\/f\/\/v9\/\/\/\/\/\/\/\/\/91\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAtIAAAAFBAAAAngAAAAFBAAAAeYAAAAFBAAAAUUAAAAFBAAAAskAAAAFBAAAAGcAAAAFBAAAArYAAAAFBAAAAVgAAAAFBAAAAQEAAAAFBAAAAjMAAAAFBAAAAqAAAAAFBAAAAMoAAAAFBAAAAxIAAAAFBAAAAlIAAAAFBAAAAc8AAAAFBAAAAkMAAAAFBAAAAagAAAAFBAAAAhsAAAAFBAAAAzgAAAAFBAAAAacAAAAFBAAAAxQAAAAFBAAAAw4AAAAFBAAAAVwAAAAFBAAAAqI="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1455469969259,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969259,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4K5tAAEAGAADAqAEDU9i48c6fyNXli2jySWt7B4AYK\/LO3wAAAQEIChnb9+x4G0bsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjvi3q9Fc8jVIrp0="}
00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00730{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1455469969318,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_msec":1455469969318,"pkt":"xCwDBkn+LFbcjDU0CABFYACGozdAADIG1mVT2LjxwKgBA8jVzp9Ja3sH5YtpNoAYECl7XAAAAQEICngbRx8Z2\/fsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qniMLxLorRFP2hZAAAAEAFABkMTplaTBlNA=="}
01379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1455469969391,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":648,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":648,"pkt_l4_len":614,"thread_ts_msec":1455469969391,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ6SOJAADIGLsdT2LjxwKgBA8jVzp9Ja3tZ5YtpNoAYECl87wAAAQEICngbR0YZ2\/gmOmlwdjQ0OlPYuPE0OmlwdjYxNjr+gAAAAAAAAOoGiP\/+zfQTMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk1MTQxM2U0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAxLjguODI6eXBpNTI4OTVlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/3\/\/\/\/\/7\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/b\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/9\/\/\/\/7\/\/\/\/\/\/\/99\/\/\/\/\/\/3\/\/97\/v\/\/\/\/\/9\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/X\/\/\/\/9\/\/+AAAAABQQAAAG6AAAABQQAAAITAAAABQQAAAHTAAAABQQAAAA1AAAABQQAAAAQAAAABQQAAAHdAAAABQQAAAMaAAAABQQAAAE+AAAABQQAAANHAAAABQQAAAN+AAAABQQAAAIEAAAABQQAAAHOAAAABQQAAAGSAAAABQQAAAC8AAAABQQAAANcAAAABQQAAAGMAAAABQQAAABAAAAABQQAAAFbAAAABQQAAAEBAAAABQQAAACdAAAABQQAAADUAAAABQQAAAC\/AAAABQQAAAKPAAAABQQAAANe"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969441,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4XbBAAEAGAADAqAEDTzXkAs6gOSOymifHI+P1WoAYmwf1TQAAAQEIChnb+J8AAH2QE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjqb8v2rPEXkzqd0="}
00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969441,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4duZAAEAGAADAqAEDeD4h8c6emaQxnKbPGdPY9oAYmwdcRQAAAQEIChnb+J8AQ+diE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsdMZTLXvd5m7DE="}
00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1455469969680,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_msec":1455469969680,"pkt":"xCwDBkn+LFbcjDU0CABFAACJEvpAAHcG+5FPNeQCwKgBAzkjzqAj4\/VaspooC4AYAQLEvgAAAQEICgAAfaoZ2\/ifE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wovPx6i8m4ev0sHgAAADnFABkMTplaTBlNDppcA=="}
01342{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1455469969689,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":620,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":620,"pkt_l4_len":586,"thread_ts_msec":1455469969689,"pkt":"xCwDBkn+LFbcjDU0CABFAAJeEvxAAHcG+bpPNeQCwKgBAzkjzqAj4\/WvspooC4AZAQKoaAAAAQEICgAAfaoZ2\/ifdjQ0Ok815AIxMjpjb21wbGV0ZV9hZ29pNmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTE0NjI3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5NmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/9\/7\/\/\/\/\/fv\/\/\/\/\/\/f\/\/\/3\/\/\/\/\/9\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/v\/+\/\/\/\/9\/\/\/\/\/\/\/\/+\/\/\/9\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/f\/\/3\/P\/\/\/\/\/4AAAAAFBAAAA2sAAAAFBAAAAW0AAAAFBAAAAlYAAAAFBAAAAdEAAAAFBAAAAPQAAAAFBAAAAtIAAAAFBAAAAMsAAAAFBAAAAyUAAAAFBAAAAKMAAAAFBAAAAMQAAAAFBAAAAcEAAAAFBAAAAtMAAAAFBAAAAiUAAAAFBAAAAEYAAAAFBAAAAT8AAAAFBAAAAe4AAAAFBAAAAjwAAAAFBAAAAvgAAAAFBAAAA2oAAAAFBAAAA2AAAAAFBAAAAJgAAAAFBAAAATQAAAAFBAAAAQ4AAAAFBAAAA0w="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1455469970233,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469970233,"pkt":"LFbcjDU0xCwDBkn+CABFAAB45PBAAEAGAADAqAEDlxpfHs6hWJHZNtVIfkyTS4AYJnO4TgAAAQEIChnb+7IRKfdEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjCQUdTBqR8vIZE="}
00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1455469970293,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1455469970293,"pkt":"xCwDBkn+LFbcjDU0CABFAACkCYZAAHIGRuqXGl8ewKgBA1iRzqF+TJNL2TbVjIAYHVxFKAAAAQEIChEp94AZ2\/uyE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coXQqpAS87AVXIDwAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVfYWdvaTFlMQ=="}
01305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1455469970357,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"thread_ts_msec":1455469970357,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDCYlAAHIGRUiXGl8ewKgBA1iRzqF+TJO72TbVjIAYHVwHogAAAQEIChEp97wZ2\/vsOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTIyNjczZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2\/3\/\/\/\/r\/\/\/\/\/9\/3\/\/\/\/\/9\/+\/\/+\/\/+\/\/\/\/f\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/+\/\/\/+\/v\/\/\/7\/\/7\/\/9\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAUAAAAAFBAAAAboAAAAFBAAAArkAAAAFBAAAA0EAAAAFBAAAAD0AAAAFBAAAAvsAAAAFBAAAAPwAAAAFBAAAAPMAAAAFBAAAAqcAAAAFBAAAAX0AAAAFBAAAAY8AAAAFBAAAAaEAAAAFBAAAAo0AAAAFBAAAAPAAAAAFBAAAAegAAAAFBAAAAjYAAAAFBAAAARsAAAAFBAAAAm0AAAAFBAAAAoUAAAAFBAAAAUoAAAAFBAAAARkAAAAFBAAAAswAAAAFBAAAAiYAAAAFBAAAAXA="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1455469970452,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469970452,"pkt":"LFbcjDU0xCwDBkn+CABFAAB41kZAAEAGAADAqAEDTzeBFs6dL0HtOa3YPhLeWYAYVhCSYwAAAQEIChnb\/IcCXeBSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjpi3Emqkm5uHs80="}
00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1455469971321,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469971321,"pkt":"LFbcjDU0xCwDBkn+CABFAAB48HJAAEAGAADAqAEDxmSSCc6n6wMx0mzN3F5zZYAYZooahAAAAQEIChnb\/+QB8nE1E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjuG56+SlFtqa9S4="}
00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1455469971481,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1455469971481,"pkt":"xCwDBkn+LFbcjDU0CABFAACcFzZAAHYG0wzGZJIJwKgBA+sDzqfcXnNlMdJtEYAYAQK5ewAAAQEICgHycUYZ2\/\/kE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopccBVvnEHfGIYQAAADnFABkMTplaTBlNDppcHY0NDrGZJIJMTI6Y29tcGxldGU="}
01316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1455469971641,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":601,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":601,"pkt_l4_len":567,"thread_ts_msec":1455469971641,"pkt":"xCwDBkn+LFbcjDU0CABFAAJLGqBAAHYGzfPGZJIJwKgBA+sDzqfcXnPNMdJtEYAYAQJeTwAAAQEICgHycVYZ3ACEX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTAzZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/f9\/\/\/\/37\/\/7\/\/\/\/\/\/\/3r\/\/\/\/3+\/\/7\/\/\/\/3\/\/9\/\/\/\/\/\/\/\/\/\/\/37\/7\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/9\/\/\/gAAAAAUEAAAClAAAAAUEAAAAnQAAAAUEAAAAVwAAAAUEAAACuQAAAAUEAAAAUAAAAAUEAAAA8gAAAAUEAAAB4QAAAAUEAAADfAAAAAUEAAABUwAAAAUEAAAAKgAAAAUEAAAANAAAAAUEAAABXwAAAAUEAAAAaQAAAAUEAAAAmAAAAAUEAAACfAAAAAUEAAADWQAAAAUEAAABTAAAAAUEAAABBgAAAAUEAAABegAAAAUEAAAA1QAAAAUEAAAAxQAAAAUEAAAAvAAAAAUEAAAAnwAAAAUEAAAC6Q=="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1455469971675,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469971675,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4IXFAAEAGAADAqAEDvmfDOM6mtimT1S+nN0acgIAY\/\/9DtgAAAQEIChncAUQAv2TsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkGjzZtimXS5YKE="}
00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1455469972136,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469972136,"pkt":"xCwDBkn+LFbcjDU0CABFAACrWLRAAHIGbE2+Z8M4wKgBA7YpzqY3RpyAk9Uv64AYAQLhNwAAAQEICgC\/ZvwZ3AFEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xopUl3euuGS1IpvoAAAEBFABkMTplaTBlNDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzE="}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1455469973108,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1455469973108,"pkt":"LFbcjDU0xCwDBkn+CABFAADJDUpAAEAGAADAqAEDvmfDOM6mtimT1TBDN0ac94AZ\/\/9EBwAAAQEIChncBtUAv2b8M2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0Or5nwzhlAAAAAQ8="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1455469974358,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469974358,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DCdAAEAGAADAqAEDUjrYc86rlaExvR02+FTOIoAY\/\/\/swwAAAQEIChncC64AhEXwE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjk6UZQGZj8psqfs="}
00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1455469974533,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469974533,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WuVAAEAGAADAqAEDUjlhU86qz5GeFCpM34MiOYAY0pJ1ogAAAQEIChncDF0AFHySE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjDhVI8cWXj55ew="}
00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1455469974879,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469974879,"pkt":"xCwDBkn+LFbcjDU0CABFAACrC6JAAHcGgnNSOWFTwKgBA8+RzqrfgyI5nhQqkIAYAQJ8JwAAAQEICgAUfLUZ3AxdE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wosdxOntFzioIvnoAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTBlMTptZDExOnU="}
01301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1455469974888,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"thread_ts_msec":1455469974888,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8C6RAAHcGgOBSOWFTwKgBA8+RzqrfgyKwnhQqkIAZAQKTPAAAAQEICgAUfLYZ3AxdcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNTMxMzdlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTA2ZTY6eW91cmlwNDpSN80BZQAAAHQF\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/+\/\/\/\/\/\/\/\/\/r\/\/\/\/\/\/\/\/\/\/9\/\/P\/v\/\/\/\/\/+\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/ff\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/7\/\/\/\/+\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/t\/u\/\/\/\/\/\/\/\/\/gAAAAAUEAAABGAAAAAUEAAACxAAAAAUEAAAAmwAAAAUEAAAB\/wAAAAUEAAABMwAAAAUEAAABJgAAAAUEAAABZAAAAAUEAAACOgAAAAUEAAAA1QAAAAUEAAACEAAAAAUEAAACFgAAAAUEAAADTAAAAAUEAAABWwAAAAUEAAACMAAAAAUEAAADPQAAAAUEAAADSQAAAAUEAAACnwAAAAUEAAAAeQAAAAUEAAAABgAAAAUEAAAA0wAAAAUEAAABJwAAAAUEAAACfwAAAAUEAAADVQAAAAUEAAADWQ=="}
01456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1455469975129,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":705,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":705,"pkt_l4_len":671,"thread_ts_msec":1455469975129,"pkt":"xCwDBkn+LFbcjDU0CABFAAKzM7RAAHUG4zdSOthzwKgBA5Whzqv4VM4iMb0deoAY\/SAeWQAAAQEICgCERjQZ3AuuE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3woo6KDyQqidsX6OsAAADnFABkMTplaTBlNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MDdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/e\/\/\/\/\/9\/\/\/\/\/v\/\/2\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/7\/f\/+\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/7\/\/\/\/7+\/+\/\/\/+\/\/\/\/\/v\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/8\/\/\/\/\/\/\/f\/\/\/\/3\/\/\/\/\/\/\/\/+AAAAABQQAAAI1AAAABQQAAAEuAAAABQQAAABqAAAABQQAAAE\/AAAABQQAAABtAAAABQQAAAKkAAAABQQAAAElAAAABQQAAAL5AAAABQQAAANYAAAABQQAAAA2AAAABQQAAAIPAAAABQQAAAJBAAAABQQAAAAOAAAABQQAAAMMAAAABQQAAAJ5AAAABQQAAAF6AAAABQQAAAJZAAAABQQAAAATAAAABQQAAAM4AAAABQQAAAItAAAABQQAAAHdAAAABQQAAAEPAAAABQQAAAMNAAAABQQAAABX"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1455469975234,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975234,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WJNAAEAGAADAqAEDlxpfHs6vWJEERbWJ8qKonIAYJJ+4TgAAAQEIChncDxURKgrLE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhul1XASmRgFxRA="}
00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1455469975240,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975240,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4VgZAAEAGAADAqAEDl0j\/o86w6hjbuZSz\/XvqFoAYKEhZAgAAAQEIChncDxoAaM\/9E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpHIptJ+s3GSLpo="}
00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1455469975265,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975265,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4dKFAAEAGAADAqAEDTzXkAs6tOSO1PcfcBOlxsoAYN4r1TQAAAQEIChncDzIAAH\/nE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpuHBUmeY0dBAis="}
00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1455469975295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1455469975295,"pkt":"xCwDBkn+LFbcjDU0CABFAACPKABAAHIGh9GXSP+jwKgBA+oYzrD9e+oW27mU94AYAQF3EQAAAQEICgBo0AMZ3A8aE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopW+kcQUcjSA5QoAAADnFABkMTplaTBlNDppcHY0NDqXSA=="}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1455469975314,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1455469975314,"pkt":"xCwDBkn+LFbcjDU0CABFAACdCeVAAHIGRpKXGl8ewKgBA1iRzq\/yoqicBEW1zYAYHVwArAAAAQEIChEqCxYZ3A8VE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coV7lk33H8ZRraqcAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVf"}
00991{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1455469975341,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"thread_ts_msec":1455469975341,"pkt":"LFbcjDU0xCwDBkn+CABFAAGz+chAAEAGAADAqAEDUjrYc86rlaExvR16+FTQoYAY\/\/\/t\/gAAAQEIChncD3wAhEZHAAAA+hQAZDE6ZWkwZTQ6aXB2NDQ6UjfNATQ6aXB2NjE2Ov6AAAAAAAAAxiwD\/\/4GSf4xMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6UjrYc2UAAAABDwAAAAMJn\/8AAAADFAMAAAAAAQIAAABlFAZkODptc2dfdHlwZWkwZTM6bnVtaTIwZTY6ZmlsdGVyNjQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGU="}
01314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1455469975379,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":600,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":600,"pkt_l4_len":566,"thread_ts_msec":1455469975379,"pkt":"xCwDBkn+LFbcjDU0CABFAAJKCedAAHIGROOXGl8ewKgBA1iRzq\/yoqkFBEW1zYAYHVwJbQAAAQEIChEqC1QZ3A9hYWdvaTJlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkyMjY3M2U0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MTFlNjp5b3VyaXA0OlI3zQFlAAAAdAV\/v+\/\/f\/\/+\/\/\/\/\/\/\/\/\/\/fv\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/f\/\/\/\/\/9\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/7\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/f\/\/\/\/7\/7\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/9\/9\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/ff+AAAAABQQAAAC+AAAABQQAAAB0AAAABQQAAAJcAAAABQQAAAOGAAAABQQAAAEaAAAABQQAAAA3AAAABQQAAAL2AAAABQQAAAOAAAAABQQAAAGXAAAABQQAAALiAAAABQQAAAIeAAAABQQAAAFXAAAABQQAAAJLAAAABQQAAAB7AAAABQQAAAI\/AAAABQQAAADyAAAABQQAAAAAAAAABQQAAAAgAAAABQQAAAH+AAAABQQAAANsAAAABQQAAAATAAAABQQAAALWAAAABQQAAAAJAAAABQQAAAGq"}
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1455469975393,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1455469975393,"pkt":"LFbcjDU0xCwDBkn+CABFAADeIplAAEAGAADAqAEDl0j\/o86w6hjbuZVQ\/XvsloAYKDdZaAAAAQEIChncD64AaNAEMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpdI\/6NlAAAAAQ8="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1455469975407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975407,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4fvZAAEAGAADAqAEDeD4h8c6umaQbpzY0C9TW44AYjjZcRQAAAQEIChncD7sAQ+m5E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhq4aGFIV+2F24M="}
00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1455469975622,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975622,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4JlBAAEAGAADAqAEDTzeBFs6sL0FM+lulp3q\/xoAYVhCSYwAAAQEIChncEJACXeJGE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsY\/A3YcaePRRY8="}
00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1455469976336,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469976336,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4SfNAAEAGAADAqAEDxmSSCc6z6wOon+tuBozVl4AYZVEahAAAAQEIChncE1MB8nMrE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkC3tYvcSfI56Y="}
00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1455469976513,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1455469976513,"pkt":"xCwDBkn+LFbcjDU0CABFEACEZqRAAHYGg6bGZJIJwKgBA+sDzrMGjNWXqJ\/rsoAYAQLT1gAAAQEICgHycz0Z3BNTE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wokMyLr47j7jk1aEAAADnFABkMTplaTA="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1455469976582,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469976582,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4BctAAEAGAADAqAEDvmfDOM6ytinSUvXkM6bvoIAY+3dDtgAAAQEIChncFEcAv3iAE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkKv+eYrLs2+ChY="}
00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
01351{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1455469976697,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"thread_ts_msec":1455469976697,"pkt":"xCwDBkn+LFbcjDU0CABFEAJjaOxAAHYGf3\/GZJIJwKgBA+sDzrMGjNXnqJ\/rsoAYAQJs0QAAAQEICgHyc00Z3BQDZTQ6aXB2NDQ6xmSSCTEyOmNvbXBsZXRlX2Fnb2kxZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTE1ZTY6eW91cmlwNDpSN80BZQAAAHQFv\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/f\/\/\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/f\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/9\/\/\/\/\/\/7\/\/\/7\/+7\/\/f\/3\/f\/\/\/\/v\/\/\/\/\/\/\/9\/9\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/3\/\/\/\/gAAAAAUEAAAClgAAAAUEAAAA6gAAAAUEAAAAugAAAAUEAAAA4AAAAAUEAAABqgAAAAUEAAACZwAAAAUEAAACTwAAAAUEAAAC8gAAAAUEAAABiQAAAAUEAAAB3QAAAAUEAAADdAAAAAUEAAAC\/gAAAAUEAAACJgAAAAUEAAACiAAAAAUEAAACvwAAAAUEAAACeQAAAAUEAAABRQAAAAUEAAACCwAAAAUEAAAAkgAAAAUEAAACdQAAAAUEAAACoAAAAAUEAAAAAQAAAAUEAAAAFAAAAAUEAAADTw=="}
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1455469977023,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1455469977023,"pkt":"xCwDBkn+LFbcjDU0CABFAACFWMJAAHMGa2W+Z8M4wKgBA7YpzrIzpu+g0lL2KIAYAQKm2wAAAQEICgC\/ehQZ3BRHE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xovjV8bH+iIGCHSYAAAEBFABkMTplaTBl"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1455469977229,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469977229,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4L\/xAAEAGAADAqAEDlw8wvc61t5l0EJCE2E\/BJoAYIPWJ4gAAAQEIChncFslLXJigE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjv4JZL7rS4V2Vgo="}
00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1455469977285,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_msec":1455469977285,"pkt":"xCwDBkn+LFbcjDU0CABFAACLG6xAAHIGY0mXDzC9wKgBA7eZzrXYT8EmdBCQyIAYAQLHiQAAAQEICktcmNgZ3BbJE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogWCKk\/sCNEtOuUAAADnFABkMTplaTBlNDppcHY0"}
01336{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1455469977324,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_msec":1455469977324,"pkt":"xCwDBkn+LFbcjDU0CABFAAJcG65AAHIGYXaXDzC9wKgBA7eZzrXYT8F9dBCQyIAZAQKR1gAAAQEICktcmOYZ3BbJNDqXDzC9MTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0NzAwMWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MTdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/\/\/\/\/7\/\/\/\/\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/u\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/37\/\/\/\/\/\/\/\/\/\/f\/\/3\/\/3\/\/\/7\/\/\/\/v\/\/f\/\/\/f\/\/\/3\/\/\/\/\/\/v\/\/f\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/3\/\/\/+AAAAABQQAAAMOAAAABQQAAAApAAAABQQAAAJ1AAAABQQAAAKiAAAABQQAAADVAAAABQQAAAH3AAAABQQAAANZAAAABQQAAADFAAAABQQAAAN2AAAABQQAAAD5AAAABQQAAAD9AAAABQQAAAL9AAAABQQAAAKRAAAABQQAAAK6AAAABQQAAAC9AAAABQQAAAFxAAAABQQAAAHwAAAABQQAAAJKAAAABQQAAAFDAAAABQQAAAJcAAAABQQAAABWAAAABQQAAALUAAAABQQAAAI2AAAABQQAAAB7"}
01382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1455469977685,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"thread_ts_msec":1455469977685,"pkt":"xCwDBkn+LFbcjDU0CABFAAJ8WMNAAHMGaW2+Z8M4wKgBA7YpzrIzpu\/x0lL2fIAYAQLBOgAAAQEICgC\/e9sZ3BX+NDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzEyOmNvbXBsZXRlX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDY2MzNlNDpyZXFxaTI1NWUxOnYxNjpCaXRUb3JyZW50IDcuOS41Mjp5cGk1MjkxNGU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/X\/\/\/v\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f+\/\/\/7\/\/\/\/v\/\/\/\/\/99\/\/+\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+7\/\/3\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/77\/\/\/f\/\/\/3\/3f\/3\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAApsAAAAFBAAAAk8AAAAFBAAAAtoAAAAFBAAAAWUAAAAFBAAAAxcAAAAFBAAAAVIAAAAFBAAAAsoAAAAFBAAAASUAAAAFBAAAADsAAAAFBAAAAOgAAAAFBAAAAg0AAAAFBAAAArAAAAAFBAAAApUAAAAFBAAAAtYAAAAFBAAAAIEAAAAFBAAAAQkAAAAFBAAAAugAAAAFBAAAAhEAAAAFBAAAAUwAAAAFBAAAAiIAAAAFBAAAAPMAAAAFBAAAAbAAAAAFBAAAACQAAAAFBAAAACI="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1455469978413,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469978413,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DnNAAEAGAADAqAEDX+qfEM65oPXUDpz5ZKj0loAYkUPBEAAAAQEIChncG14CELSbE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvUWScco35PygrU="}
00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1455469978422,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469978422,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4xBlAAEAGAADAqAEDX+3BIs66LDm\/gbIP+oH76IAYlsHjJQAAAQEIChncG2YAA5hpE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvGP0W3l6zj59Ik="}
00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1455469978654,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469978654,"pkt":"xCwDBkn+LFbcjDU0CABFAACrIv1AAHYG\/pRf7cEiwKgBAyw5zrr6gfvov4GyU4AYAQLALAAAAQEICgADmIEZ3BtmE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wog5gTbVhOs8MSY8AAADnFABkMTplaTBlNDppcHY0NDpf7cEiMTI6Y29tcGxldGVfYWdvaTJlMTptZDExOnU="}
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1455469978662,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469978662,"pkt":"xCwDBkn+LFbcjDU0CABFAACrdTRAAHcGzXJf6p8QwKgBA6D1zrlkqPSW1A6dPYAYAMM1JwAAAQEICgIQtLMZ3BteE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wos5cW3r846cWQCoAAADoFABkMTplaTBlNDppcHY0NDpf6p8QMTI6Y29tcGxldGVfYWdvaTQ1ZTE6bWQxMTo="}
01296{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1455469978678,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"thread_ts_msec":1455469978678,"pkt":"xCwDBkn+LFbcjDU0CABFAAI9dTZAAHcGy95f6p8QwKgBA6D1zrlkqPUN1A6dPYAZAMPqbAAAAQEICgIQtLMZ3BtedXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTQxMjA1ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyMWU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/7\/\/\/\/\/\/\/\/\/f\/\/\/\/9\/\/\/\/3\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/7\/\/3\/f\/\/\/\/\/r\/\/\/v\/\/\/\/9\/\/\/\/\/\/\/\/\/+\/\/\/\/\/3\/7\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/9\/\/f\/4AAAAAFBAAAACUAAAAFBAAAAJwAAAAFBAAAArkAAAAFBAAAAfAAAAAFBAAAA3QAAAAFBAAAAosAAAAFBAAAAZ8AAAAFBAAAAdUAAAAFBAAAAqwAAAAFBAAAAhUAAAAFBAAAAM0AAAAFBAAAAk4AAAAFBAAAAIAAAAAFBAAAA4IAAAAFBAAAAF4AAAAFBAAAAi0AAAAFBAAAAVYAAAAFBAAAAZcAAAAFBAAAA1AAAAAFBAAAAeYAAAAFBAAAAa8AAAAFBAAAAhcAAAAFBAAAAw0AAAAFBAAAARs="}
01298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1455469978679,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"thread_ts_msec":1455469978679,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8IwBAAHYG\/QBf7cEiwKgBAyw5zrr6gfxfv4GyU4AZAQJxbQAAAQEICgADmIEZ3BtmcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpMTEzMjFlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTIyZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/+\/\/7\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/v\/\/v\/\/+P\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/+\/7\/7\/\/\/\/\/\/7\/\/\/\/\/\/v\/\/3+\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/7\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/3\/\/gAAAAAUEAAACNQAAAAUEAAACYwAAAAUEAAADgAAAAAUEAAAB1wAAAAUEAAAAyQAAAAUEAAABzQAAAAUEAAACUQAAAAUEAAABYQAAAAUEAAACzQAAAAUEAAAApQAAAAUEAAACtgAAAAUEAAACSAAAAAUEAAACDQAAAAUEAAABIQAAAAUEAAABYwAAAAUEAAAC5wAAAAUEAAAAlQAAAAUEAAABYgAAAAUEAAABlQAAAAUEAAADQQAAAAUEAAAB4wAAAAUEAAABOQAAAAUEAAABSwAAAAUEAAAAfQ=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1455469980213,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980213,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4U25AAEAGAADAqAEDU9i48c6\/yNUzq1kTBM6UFIAYL5vO3wAAAQEIChncIiN4G2eaE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjq+Lj4Q+qUQM4PY="}
00727{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00733{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1455469980262,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980262,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4esFAAEAGAADAqAEDXUH5ZM6+emiQl\/fDL3XicoAYTYMYvAAAAQEIChncIlIAH\/RSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkTA1ljAvA+q8j0="}
00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1455469980275,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980275,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4g5FAAEAGAADAqAEDXUHjZM69Sqzdpe7S802+OYAYVXMCvAAAAQEIChncIl4AhA2FE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkhEgSgYOOKqPw="}
00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1455469980297,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1455469980297,"pkt":"xCwDBkn+LFbcjDU0CABFYACEPABAADIGPZ9T2LjxwKgBA8jVzr8EzpQUM6tZV4AYECksHwAAAQEICngbZ84Z3CIjE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qnlHDgsE5LNSCYRoAAAEAFABkMTplaTA="}
01382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1455469980371,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"thread_ts_msec":1455469980371,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ8C7pAADIGa+1T2LjxwKgBA8jVzr8EzpRkM6tZV4AYECkszQAAAQEICngbaAwZ3CJzZTQ6aXB2NDQ6U9i48TQ6aXB2NjE2Ov6AAAAAAAAA6gaI\/\/7N9BMxMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUxNDEzZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDEuOC44Mjp5cGk1MjkyN2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/v\/\/\/\/\/\/\/\/9\/f\/+\/\/9\/\/\/f\/\/\/\/\/\/\/73v\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/7\/\/3\/9v\/\/\/9+\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/+\/\/\/\/7\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAiQAAAAFBAAAAQwAAAAFBAAAAisAAAAFBAAAArIAAAAFBAAAAFgAAAAFBAAAAxMAAAAFBAAAAgYAAAAFBAAAAfgAAAAFBAAAAvcAAAAFBAAAAm0AAAAFBAAAAMYAAAAFBAAAA0sAAAAFBAAAAXAAAAAFBAAAAMEAAAAFBAAAAecAAAAFBAAAABcAAAAFBAAAAI4AAAAFBAAAAHoAAAAFBAAAAgkAAAAFBAAAAMsAAAAFBAAAAGkAAAAFBAAAARwAAAAFBAAAAdQAAAAFBAAAAFA="}
00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1455469980390,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_msec":1455469980390,"pkt":"xCwDBkn+LFbcjDU0CABFAACocqBAAHMGfF5dQflkwKgBA3pozr4vdeJykJf4B4AYAMOuCwAAAQEICgAf9F4Z3CJSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogL0Pl3FbMgdQMAAAAEAFABkMTplaTBlNDppcHY0NDpdQflkNDppcHY2MTY6IAEAAF71ef0Mhifaor4="}
01334{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1455469980488,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"thread_ts_msec":1455469980488,"pkt":"xCwDBkn+LFbcjDU0CABFAAJYcqJAAHMGeqxdQflkwKgBA3pozr4vdeLmkJf4B4AZAMO1LAAAAQEICgAf9F8Z3CJSBpsxMjpjb21wbGV0ZV9hZ29pMmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTMxMzM2ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyNmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/99\/\/\/\/\/\/9\/\/+\/\/\/\/\/\/\/\/7\/\/3\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/v\/\/\/\/\/9\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/36\/\/\/\/\/93\/\/\/\/\/\/\/\/\/\/\/\/\/fv\/\/\/9P\/\/3\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAm0AAAAFBAAAApQAAAAFBAAAAI0AAAAFBAAAA0AAAAAFBAAAASAAAAAFBAAAAwgAAAAFBAAAAHoAAAAFBAAAAV0AAAAFBAAAAfQAAAAFBAAAAwsAAAAFBAAAAmsAAAAFBAAAAhwAAAAFBAAAAuYAAAAFBAAAAmQAAAAFBAAAApAAAAAFBAAAAFAAAAAFBAAAAc0AAAAFBAAAAa0AAAAFBAAAAx4AAAAFBAAAANIAAAAFBAAAAu0AAAAFBAAAAwoAAAAFBAAAAEoAAAAFBAAAAME="}
00830{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469967550,"flow_last_seen":1455469968002,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":871,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00831{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469974533,"flow_last_seen":1455469974889,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00701{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1455469969259,"flow_last_seen":1455469973374,"flow_idle_time":7580000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":1030,"flow_avg_l4_payload_len":128,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469980213,"flow_last_seen":1455469981133,"flow_idle_time":7580000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978422,"flow_last_seen":1455469978679,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469975240,"flow_last_seen":1455469975394,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":87,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469970233,"flow_last_seen":1455469971153,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":951,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469975234,"flow_last_seen":1455469976169,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":534,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978413,"flow_last_seen":1455469978679,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":882,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1455469980262,"flow_last_seen":1455469980488,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":732,"flow_avg_l4_payload_len":244,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00832{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469971675,"flow_last_seen":1455469973590,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1455469976582,"flow_last_seen":1455469980118,"flow_idle_time":7580000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00830{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469969441,"flow_last_seen":1455469969689,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":554,"flow_tot_l4_payload_len":850,"flow_avg_l4_payload_len":170,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469977229,"flow_last_seen":1455469977324,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":552,"flow_tot_l4_payload_len":896,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1455469971321,"flow_last_seen":1455469972136,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":535,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":210,"flow_first_seen":1455469976336,"flow_last_seen":1455469982106,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":271267,"flow_avg_l4_payload_len":1291,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00832{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1455469967246,"flow_last_seen":1455469967465,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":558,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469974358,"flow_last_seen":1455469976244,"flow_idle_time":7580000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00835{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469967550,"flow_last_seen":1455469968002,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":871,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00836{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469974533,"flow_last_seen":1455469974889,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1455469969259,"flow_last_seen":1455469973374,"flow_idle_time":7580000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":1030,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469980213,"flow_last_seen":1455469981133,"flow_idle_time":7580000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1048,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00838{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469978422,"flow_last_seen":1455469978679,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00839{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975394,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":348,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469970233,"flow_last_seen":1455469971153,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":951,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469975234,"flow_last_seen":1455469976169,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":534,"flow_tot_l4_payload_len":883,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00838{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469978413,"flow_last_seen":1455469978679,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":882,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00838{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1455469980262,"flow_last_seen":1455469980488,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":732,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00838{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1455469971675,"flow_last_seen":1455469973590,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":350,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1455469976582,"flow_last_seen":1455469980118,"flow_idle_time":7580000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1088,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00835{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469969441,"flow_last_seen":1455469969689,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":554,"flow_tot_l4_payload_len":850,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00838{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469977229,"flow_last_seen":1455469977324,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":552,"flow_tot_l4_payload_len":896,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1455469971321,"flow_last_seen":1455469972136,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":535,"flow_tot_l4_payload_len":865,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00846{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":193,"flow_first_seen":1455469976336,"flow_last_seen":1455469982106,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":271267,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00837{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967465,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":558,"flow_tot_l4_payload_len":626,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1455469974358,"flow_last_seen":1455469976244,"flow_idle_time":7580000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":1137,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","packets-captured":299,"packets-processed":299,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":134,"global_ts_msec":1455469982106}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 299/299
@@ -140,8 +140,8 @@
~~ total active/idle flows...: 24/24
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6343344 bytes
~~ total memory freed........: 6343344 bytes
~~ total memory allocated....: 6343536 bytes
~~ total memory freed........: 6343536 bytes
~~ total allocations/frees...: 121291/121291
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 466 chars


@@ -1,11 +1,11 @@
00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent_utp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1456385034843}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1456385034843,"flow_last_seen":1456385034843,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1456385034843,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1456385034843,"flow_last_seen":1456385034843,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"midstream":0,"thread_ts_msec":1456385034843,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1456385034843,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1456385034843,"pkt":"xCwDBkn+LFbcjDU0CABFCACEN6IAAHARjPNS83ErwKgBBf3Jn\/8AcJbNZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AdimJ292LCw98nSvKCf40fHeZTE6cTk6Z2V0X3BlZXJzMTp0MjoOYTE6djQ6TFQBATE6eTE6cWU="}
00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1456385034843,"flow_last_seen":1456385034843,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1456385034843,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1456385034843,"flow_last_seen":1456385034843,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"midstream":0,"thread_ts_msec":1456385034843,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1456385039236,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1456385039236,"pkt":"xCwDBkn+LFbcjDU0CABFCACEPR1AAHARR3hS83ErwKgBBf3Jn\/8AcOi+ZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AbAuK1Rd0f1URppB\/xHRD5bKZTE6cTk6Z2V0X3BlZXJzMTp0MjoZ4TE6djQ6TFQBATE6eTE6cWU="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1456385040274,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1456385040274,"pkt":"xCwDBkn+LFbcjDU0CABFCAAwPfxAAHARRu1S83ErwKgBBf3Jn\/8AHJxJQQBTAhDusvAAAAAAAAAAAOf1AAA="}
00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":86,"flow_first_seen":1456385034843,"flow_last_seen":1456385054059,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":37877,"flow_avg_l4_payload_len":440,"midstream":0,"thread_ts_msec":1456385054059,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00845{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":47,"flow_dst_packets_processed":39,"flow_first_seen":1456385034843,"flow_last_seen":1456385054059,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":37877,"midstream":0,"thread_ts_msec":1456385054059,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test","packets-captured":86,"packets-processed":86,"total-skipped-flows":0,"total-l4-payload-len":37877,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1456385054059}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 86/86
@@ -15,10 +15,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6267731 bytes
~~ total memory freed........: 6267731 bytes
~~ total memory allocated....: 6267739 bytes
~~ total memory freed........: 6267739 bytes
~~ total allocations/frees...: 120964/120964
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 470 chars
~~ json string max len.......: 844 chars
~~ json string avg len.......: 649 chars
~~ json string max len.......: 850 chars
~~ json string avg len.......: 652 chars


@@ -1,45 +1,45 @@
00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bjnp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1467725378685}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725378685,"flow_last_seen":1467725378685,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725378685,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725378685,"flow_last_seen":1467725378685,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725378685,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1467725378685,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725378685,"pkt":"RQAALAmDAAB5EfxOwKi5jcCoARHDpyGkABg0Q0JKTlACAQAAF6QAAAAAAADK6w=="}
00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725378685,"flow_last_seen":1467725378685,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725378685,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383705,"flow_last_seen":1467725383705,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383705,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725378685,"flow_last_seen":1467725378685,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725378685,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725383705,"flow_last_seen":1467725383705,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383705,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1467725383705,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725383705,"pkt":"RQAALAmRAAB5EfxQwKi5jcCoAQHDqSGkABg0T0JKTlACAQAAF6YAAAAAAACF3A=="}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383705,"flow_last_seen":1467725383705,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383705,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383909,"flow_last_seen":1467725383909,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383909,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725383705,"flow_last_seen":1467725383705,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383705,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725383909,"flow_last_seen":1467725383909,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383909,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1467725383909,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725383909,"pkt":"RQAALAmSAAB5EfxOwKi5jcCoAQLDqSGkABg0TUJKTlACAQAAF6cAAAAAAAAfDQ=="}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383909,"flow_last_seen":1467725383909,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383909,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384113,"flow_last_seen":1467725384113,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384113,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725383909,"flow_last_seen":1467725383909,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383909,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384113,"flow_last_seen":1467725384113,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384113,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1467725384113,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384113,"pkt":"RQAALAmTAAB5EfxMwKi5jcCoAQPDqSGkABg0S0JKTlACAQAAF6gAAAAAAACCRA=="}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384113,"flow_last_seen":1467725384113,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384113,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384313,"flow_last_seen":1467725384313,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384313,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.4","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384113,"flow_last_seen":1467725384113,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384113,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384313,"flow_last_seen":1467725384313,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384313,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.4","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1467725384313,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384313,"pkt":"RQAALAmVAAB5EfxJwKi5jcCoAQTDqSGkABg0SUJKTlACAQAAF6kAAAAAAADs+w=="}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384313,"flow_last_seen":1467725384313,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384313,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.4","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384517,"flow_last_seen":1467725384517,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384517,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.5","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384313,"flow_last_seen":1467725384313,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384313,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.4","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384517,"flow_last_seen":1467725384517,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384517,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.5","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1467725384517,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384517,"pkt":"RQAALAmWAAB5EfxHwKi5jcCoAQXDqSGkABg0R0JKTlACAQAAF6oAAAAAAADhdg=="}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384517,"flow_last_seen":1467725384517,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384517,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.5","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384721,"flow_last_seen":1467725384721,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384721,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.6","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384517,"flow_last_seen":1467725384517,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384517,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.5","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384721,"flow_last_seen":1467725384721,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384721,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.6","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1467725384721,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384721,"pkt":"RQAALAmXAAB5EfxFwKi5jcCoAQbDqSGkABg0RUJKTlACAQAAF6sAAAAAAACzRQ=="}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384721,"flow_last_seen":1467725384721,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384721,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.6","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384921,"flow_last_seen":1467725384921,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384921,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.7","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384721,"flow_last_seen":1467725384721,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384721,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.6","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384921,"flow_last_seen":1467725384921,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384921,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.7","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1467725384921,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384921,"pkt":"RQAALAmYAAB5EfxDwKi5jcCoAQfDqSGkABg0Q0JKTlACAQAAF6wAAAAAAAC5aQ=="}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384921,"flow_last_seen":1467725384921,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384921,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.7","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385125,"flow_last_seen":1467725385125,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385125,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.8","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384921,"flow_last_seen":1467725384921,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384921,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.7","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725385125,"flow_last_seen":1467725385125,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385125,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.8","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1467725385125,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725385125,"pkt":"RQAALAmaAAB5EfxAwKi5jcCoAQjDqSGkABg0QUJKTlACAQAAF60AAAAAAACvDw=="}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385125,"flow_last_seen":1467725385125,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385125,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.8","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385329,"flow_last_seen":1467725385329,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.9","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725385125,"flow_last_seen":1467725385125,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385125,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.8","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725385329,"flow_last_seen":1467725385329,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.9","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1467725385329,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725385329,"pkt":"RQAALAmbAAB5Efw+wKi5jcCoAQnDqSGkABg0P0JKTlACAQAAF64AAAAAAABjbw=="}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385329,"flow_last_seen":1467725385329,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.9","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725378685,"flow_last_seen":1467725378685,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725385329,"flow_last_seen":1467725385329,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.9","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725385125,"flow_last_seen":1467725385125,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.8","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384921,"flow_last_seen":1467725384921,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.7","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384721,"flow_last_seen":1467725384721,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.6","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384517,"flow_last_seen":1467725384517,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.5","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384313,"flow_last_seen":1467725384313,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.4","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384113,"flow_last_seen":1467725384113,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725383909,"flow_last_seen":1467725383909,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725383705,"flow_last_seen":1467725383705,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725385329,"flow_last_seen":1467725385329,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.9","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725378685,"flow_last_seen":1467725378685,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725385329,"flow_last_seen":1467725385329,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.9","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725385125,"flow_last_seen":1467725385125,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.8","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384921,"flow_last_seen":1467725384921,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.7","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384721,"flow_last_seen":1467725384721,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.6","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384517,"flow_last_seen":1467725384517,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.5","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384313,"flow_last_seen":1467725384313,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.4","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384113,"flow_last_seen":1467725384113,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725383909,"flow_last_seen":1467725383909,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725383705,"flow_last_seen":1467725383705,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_msec":1467725385329}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 10/10
@@ -49,10 +49,10 @@
~~ total active/idle flows...: 10/10
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6012907 bytes
~~ total memory freed........: 6012907 bytes
~~ total memory allocated....: 6012987 bytes
~~ total memory freed........: 6012987 bytes
~~ total allocations/frees...: 120922/120922
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 440 chars
~~ json string max len.......: 682 chars
~~ json string avg len.......: 560 chars
~~ json string max len.......: 688 chars
~~ json string avg len.......: 563 chars


@@ -1,11 +1,11 @@
00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1645108240233}
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645108240233,"flow_last_seen":1645108240233,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1645108240233,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645108240233,"flow_last_seen":1645108240233,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1645108240233,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1645108240233,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1645108240233,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQIAMBFSQABuBooHKE2nJFkfSNz9AABQtwbJ7AAAAABwwvrwl9EAAAIEBaABAQQC"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1645108240233,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1645108240233,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAMAAAQAA\/BspbWR9I3ChNpyQAUP0AWPWTl7cGye1wEnIQNMAAAAIEBbQBAQQC"}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1645108240339,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_msec":1645108240339,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQAAKBFTQABuBooQKE2nJFkfSNz9AABQtwbJ7Vj1k5hQEPrw2KMAAKqq+vDYow=="}
00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1645108240233,"flow_last_seen":1645108240339,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1645108240339,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"atlanteditorino.it","url":"atlanteditorino.it\/quartieri\/img\/S.Donato_M.Vittoria1930_B.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; bingbot\/2.0; +http:\/\/www.bing.com\/bingbot.htm)"}}
00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":402,"flow_first_seen":1645108240233,"flow_last_seen":1645108245896,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":407096,"flow_avg_l4_payload_len":1012,"midstream":0,"thread_ts_msec":1645108245896,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"}}
00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1645108240233,"flow_last_seen":1645108240339,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"midstream":0,"thread_ts_msec":1645108240339,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"atlanteditorino.it","url":"atlanteditorino.it\/quartieri\/img\/S.Donato_M.Vittoria1930_B.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; bingbot\/2.0; +http:\/\/www.bing.com\/bingbot.htm)"}}
00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":115,"flow_dst_packets_processed":287,"flow_first_seen":1645108240233,"flow_last_seen":1645108245896,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":407096,"midstream":0,"thread_ts_msec":1645108245896,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"}}
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"bot.pcap","alias":"nDPId-test","packets-captured":402,"packets-processed":402,"total-skipped-flows":0,"total-l4-payload-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1645108245896}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 402/402
@@ -15,10 +15,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6014957 bytes
~~ total memory freed........: 6014957 bytes
~~ total memory allocated....: 6014965 bytes
~~ total memory freed........: 6014965 bytes
~~ total allocations/frees...: 121283/121283
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 459 chars
~~ json string max len.......: 877 chars
~~ json string avg len.......: 647 chars
~~ json string max len.......: 883 chars
~~ json string avg len.......: 650 chars


@@ -1,10 +1,10 @@
00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bt_search.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1430752225251}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_idle_time":200000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1430752225251,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_idle_time":200000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"midstream":0,"thread_ts_msec":1430752225251,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1430752225251,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_msec":1430752225251,"pkt":"AQBeQJiPABZEH1lmCABFAACTaOEAAP8RCRrAqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="}
00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_idle_time":200000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1430752225251,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_idle_time":200000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"midstream":0,"thread_ts_msec":1430752225251,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1430752525284,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_msec":1430752525284,"pkt":"AQBeQJiPABZEH1lmCABFAACTCiwAAP8RZ8\/AqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430752225251,"flow_last_seen":1430752525284,"flow_idle_time":200000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1430752525284,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1430752225251,"flow_last_seen":1430752525284,"flow_idle_time":200000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":238,"midstream":0,"thread_ts_msec":1430752525284,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":238,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1430752525284}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2/2
@@ -14,10 +14,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6265267 bytes
~~ total memory freed........: 6265267 bytes
~~ total memory allocated....: 6265275 bytes
~~ total memory freed........: 6265275 bytes
~~ total allocations/frees...: 120879/120879
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 465 chars
~~ json string max len.......: 692 chars
~~ json string avg len.......: 572 chars
~~ json string max len.......: 697 chars
~~ json string avg len.......: 575 chars


@@ -1,13 +1,13 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cachefly.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cachefly.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1639053996915}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639053996915,"flow_last_seen":1639053996915,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639053996915,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639053996915,"flow_last_seen":1639053996915,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639053996915,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639053996915,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1639053996915,"pkt":"AAAAAAAAAAEAzkGkCABFAAA8AABAADgGbggKCgoBwKgAAQG7qvYcGrARC\/df8aASOJAXeAAAAgQFtAQCCAr4WKdZ8aCtGAEDAwk="}
01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639053997244,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1639053997244,"pkt":"AAAAAAAAAAEAzkGkCABFAAI5KtdAAD8GOjTAqAABCgoKAar2AbsL91\/xHBqwEoAYAECN7gAAAQEICvGgrmz4WKdZFgMBAgABAAH8AwN5I1ozU7xInxtJozbyruWCcUxU4dIiuEr772yEdl+IjiA8lzzThjK9JFGzvzmsOf5jh+xiqEIzY+\/b\/bu2q\/rhKgAgysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTKioAAAAAABcAFQAAEmFwcHR2LmNhY2hlZmx5Lm5ldAAXAAD\/AQABAAAKAAoACBoaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApGhoAAQAAHQAgnPDvY\/VXlPM6JRGRsi41pgbweEr23XZr7mS8KeaUbX0ALQACAQEAKwALCjo6AwQDAwMCAwEAGwADAgACRGkABQADAmgyiooAAQAAFQDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1639053996915,"flow_last_seen":1639053997244,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1639053997244,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apptv.cachefly.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1639053996915,"flow_last_seen":1639053997244,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1639053997244,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apptv.cachefly.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02281{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1639053997267,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"thread_ts_msec":1639053997267,"pkt":"AAAAAAAAAAEAzkGkCABFAAV41QdAADgGk8QKCgoBwKgAAQG7qvYcGrASC\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\/+fRCDTZEScrfWCMFyaixKeqElAO7ykgeSwfvJjJ0wnRMXDhl9Jl08jKWm\/d3Hktb+0la4oTxnWOXZAHkeMPMd8z5IEjNstMoXVnzzvYTEc4hes6PN3Tko5DyTkpvaiHk24ljRERvEWhRYaw4RnKrT9b+zSwlZOueaejMtqkfNRXDPSR1x3Jl2oQbiXO5T+fqoY+sZN6tOhj6mQW65LLPhC4vk+E4JPhFb1yN\/vHAl5Nki2qqUNydYyxklH4FNUrCnzcInO8MG4k4UvzfLoF5IOdgByO3cVOhvWff2S\/Iy1d3+tC7BZ3FL7Yj\/WhfXV+SI\/dS2PepELisfoFHyq5sCAwEAAaOCB8YwggfCMA4GA1UdDwEB\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"}
00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1639053996915,"flow_last_seen":1639053997267,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":1865,"flow_avg_l4_payload_len":621,"midstream":0,"thread_ts_msec":1639053997267,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apptv.cachefly.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02393{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639053996915,"flow_last_seen":1639053997267,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":5759,"flow_avg_l4_payload_len":959,"midstream":0,"thread_ts_msec":1639053997267,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cachefly","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apptv.cachefly.net","server_names":"*.cachefly.net,get.taxcycle.com,books24x7.com,siteclosed.overdrive.com,c.adventurerv.net,download.acoustica.com,cdn.arstechnica.net,ocp.cscglobal.com,cdn-w.gettraffic.com,cf.cdn.poundstopocket.co.uk,cf.cdn.cashnetusa.com,cf.cdn.quickquid.co.uk,downloads.oncenter.com,cache.green1020.com,software.onthehub.com,code.murdoog.com,img.tradepub.com,images.overdrive.com,static.readyflowers.com,cdn.richrelevance.com,qastatic.richrelevance.net,cache.agilebits.com,cachefly.alfredapp.com,download.fosshub.com,cdncontent.skillsoftcompliance.com,cdnlibrary.qual.skillport.com,cdnlibrary.skillport.com,cdnlibrary.skillport.eu,cdnlibrary-otls.skillport.com,st-cdn01.net-perform.com,assets.yandycdn.com,cdn.nexternal.com,www.workcred.org,img.sedoparking.com,www.standardsboostbusiness.org,cdn.sparklingsociety.net,smartupdate1.centralpointnow.com,cdn.edgeuno.com,downloads.pdf-xchange.com,cachefly.kinematics.com,cachefly.discoverinspire.com,static.volotea.com,*.cachefly.com,*.pluralsight.com,*.cdn.overdrive.com,*.contentreserve.com,*.listen.overdrivechina.cn,*.od-cdn.com,*.overdrivechina.cn,*.read.overdrivechina.cn,*.rbxcdn.com,*.books24x7.com,*.ansi.org,*.livee.com,cachefly.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced782
6b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=US, ST=Illinois, L=Chicago, O=Cachenetworks, LLC, CN=*.cachefly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:84:4F:1F:E8:A1:78:8A:12:27:36:B8:42:AB:42:52:FC:3B:C4:BA"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1639053996915,"flow_last_seen":1639053997267,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":5759,"flow_avg_l4_payload_len":959,"midstream":0,"thread_ts_msec":1639053997267,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cachefly","breed":"Acceptable","category":"Cloud"}}
00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1639053996915,"flow_last_seen":1639053997267,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":1865,"midstream":0,"thread_ts_msec":1639053997267,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apptv.cachefly.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02398{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1639053996915,"flow_last_seen":1639053997267,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":5759,"midstream":0,"thread_ts_msec":1639053997267,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cachefly","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apptv.cachefly.net","server_names":"*.cachefly.net,get.taxcycle.com,books24x7.com,siteclosed.overdrive.com,c.adventurerv.net,download.acoustica.com,cdn.arstechnica.net,ocp.cscglobal.com,cdn-w.gettraffic.com,cf.cdn.poundstopocket.co.uk,cf.cdn.cashnetusa.com,cf.cdn.quickquid.co.uk,downloads.oncenter.com,cache.green1020.com,software.onthehub.com,code.murdoog.com,img.tradepub.com,images.overdrive.com,static.readyflowers.com,cdn.richrelevance.com,qastatic.richrelevance.net,cache.agilebits.com,cachefly.alfredapp.com,download.fosshub.com,cdncontent.skillsoftcompliance.com,cdnlibrary.qual.skillport.com,cdnlibrary.skillport.com,cdnlibrary.skillport.eu,cdnlibrary-otls.skillport.com,st-cdn01.net-perform.com,assets.yandycdn.com,cdn.nexternal.com,www.workcred.org,img.sedoparking.com,www.standardsboostbusiness.org,cdn.sparklingsociety.net,smartupdate1.centralpointnow.com,cdn.edgeuno.com,downloads.pdf-xchange.com,cachefly.kinematics.com,cachefly.discoverinspire.com,static.volotea.com,*.cachefly.com,*.pluralsight.com,*.cdn.overdrive.com,*.contentreserve.com,*.listen.overdrivechina.cn,*.od-cdn.com,*.overdrivechina.cn,*.read.overdrivechina.cn,*.rbxcdn.com,*.books24x7.com,*.ansi.org,*.livee.com,cachefly.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76c
ed7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=US, ST=Illinois, L=Chicago, O=Cachenetworks, LLC, CN=*.cachefly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:84:4F:1F:E8:A1:78:8A:12:27:36:B8:42:AB:42:52:FC:3B:C4:BA"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1639053996915,"flow_last_seen":1639053997267,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":5759,"midstream":0,"thread_ts_msec":1639053997267,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cachefly","breed":"Acceptable","category":"Cloud"}}
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cachefly.pcapng","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":5759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1639053997267}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 6/6
@@ -17,10 +17,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6050694 bytes
~~ total memory freed........: 6050694 bytes
~~ total memory allocated....: 6050702 bytes
~~ total memory freed........: 6050702 bytes
~~ total allocations/frees...: 120945/120945
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 466 chars
~~ json string max len.......: 2398 chars
~~ json string avg len.......: 1404 chars
~~ json string max len.......: 2403 chars
~~ json string avg len.......: 1406 chars


@@ -1,11 +1,11 @@
00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"capwap.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1422328949167}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":200000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1422328949167,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":200000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"midstream":0,"thread_ts_msec":1422328949167,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1422328949167,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1422328949167,"pkt":"uDhh8wWsJOmzR64gCABFwABdANlAAH8RZJPAqAoJwKgKChR+MFsASQAAAQAAABX+\/wABAAAAAAABADCRUl3gOBqBz\/u8XElQaHVuhYA4Oyehwv8gEXQ+BVAOU1L6bxnlZCgpb3mFtLC\/ZhI="}
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":200000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1422328949167,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328963915,"flow_last_seen":1422328963915,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1422328963915,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":200000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"midstream":0,"thread_ts_msec":1422328949167,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422328963915,"flow_last_seen":1422328963915,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"midstream":0,"thread_ts_msec":1422328963915,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1422328963915,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1422328963915,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAEAAP8R8PTAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328963915,"flow_last_seen":1422328963915,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1422328963915,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"cisco-capwap-controller","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422328963915,"flow_last_seen":1422328963915,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"midstream":0,"thread_ts_msec":1422328963915,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"cisco-capwap-controller","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1422328966914,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1422328966914,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAIAAP8R8PPAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_msec":1422328970067}
00756{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="}
@@ -19,18 +19,18 @@
00801{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":397,"pkt_type":383,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":397,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAX+qqgMAAAwgAAK0cl0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAPAAggAAAAABAABjLIABkAEKSNAAAAADwoAAAyyA=="}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","layer_type":383,"global_ts_msec":1422328993294}
00801{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":397,"pkt_type":383,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":397,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAX+qqgMAAAwgAAK0cl0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAPAAggAAAAABAABjLIABkAEKSNAAAAADwoAAAyyA=="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329005766,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329005766,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1422329005766,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1422329005766,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAARAAP8Rr9\/AqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g6AAAAAEAAGYAABQAAQAAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329005766,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329005766,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1422329005766,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1422329005766,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAARAAP8Rr9\/AqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g6AAAAAEAAGYAABQAAQAAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005767,"flow_last_seen":1422329005767,"flow_idle_time":200000,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1422329005767,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422329005767,"flow_last_seen":1422329005767,"flow_idle_time":200000,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"midstream":0,"thread_ts_msec":1422329005767,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1422329005767,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_msec":1422329005767,"pkt":"uDhh8wWsJOmzR64gCABFwACOANoAAH8RpGHAqAoJwKgKChR+MFwAegAAABACAAAAAAAAAAACAABlAAABACQAAAPoAAAABQIBAAMAQJYAAAEABAcFZgAAQJYAAAAABAEAAAEABAAJQ2lzY28yNTA0BBgABQAAAAAAAAoABsCoCgkAAAAlAAcAQJYAANAAACUACwBAlgAAl1THBF8A"}
00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005767,"flow_last_seen":1422329005767,"flow_idle_time":200000,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1422329005767,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422329005767,"flow_last_seen":1422329005767,"flow_idle_time":200000,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"midstream":0,"thread_ts_msec":1422329005767,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1422329005767,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_msec":1422329005767,"pkt":"uDhh8wWsJOmzR64gCABFwACOANsAAH8RpGDAqAoJwKgKChR+MFwAegAAABACAAAAAAAAAAACAABlAAABACQAAAPoAAAABQIBAAMAQJYAAAEABAcFZgAAQJYAAAAABAEAAAEABAAJQ2lzY28yNTA0BBgABQAAAAAAAAoABsCoCgkAAAAlAAcAQJYAANAAACUACwBAlgAAl1THBF8A"}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1422329015765,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1422329015765,"pkt":"JOmzR64guDhh8wWsCABFwABlAAVAAP8R5V7AqAoKwKgKCTBcFH4AURfgAQAAABb+\/wAAAAAAAAAAADgBAAAsAAAAAAAAACz+\/1Z4mrz13vIlLHFGU8KNmBPwkXkcj0vpbAEOfTafYoZSAAAABAAvADMBAA=="}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329017533,"flow_last_seen":1422329017533,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1422329017533,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422329017533,"flow_last_seen":1422329017533,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"midstream":0,"thread_ts_msec":1422329017533,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1422329017533,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_msec":1422329017533,"pkt":"JOmzR64guDhh8wWsCABFwABsAAFAAEARpFzAqAoKwKgKCTBcFH8AWAAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFKDMU3RsAQJYlAAEcq6fyE50AAEcACwAFJ\/9UIA8C1d0="}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329017533,"flow_last_seen":1422329017533,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1422329017533,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422329017533,"flow_last_seen":1422329017533,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"midstream":0,"thread_ts_msec":1422329017533,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1422329018033,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1422329018033,"pkt":"JOmzR64guDhh8wWsCABFwADDAAJAAEARpATAqAoKwKgKCTBcFH8ArwAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFL9Qy3RsAQJYlAAEcq6fyE50AAEkACwAFKFJLQAQC3ePdGwBAliUAARyrp\/ITnQAAHQALAAUtdhsgDQK\/xN0bAECWJQABHKun8hOdAAAOAAsABS9iq+AIAt7o3RsAQJYlAAEcq6fyE50AAAwACwAFL7WkAA0C3+g="}
00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1422329018533,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_msec":1422329018533,"pkt":"JOmzR64guDhh8wWsCABFwAEaAANAAEARo6zAqAoKwKgKCTBcFH8BBgAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFN3Va3RsAQJYlAAEcq6fyE50AACMACwAFMGt3IAoC5+ndGwBAliUAARyrp\/ITnQAAEwALAAUwdLNADQLo6d0bAECWJQABZICZPC30AAADAAsABTJ3KPD9AqWm3RsAQJYlAAH4Ht\/dIQ8AAB8ACwAFNejwUJoCvcLdGwBAliUAAfge390hDwAAEgALAAU2FOxglQK9wt0bAECWJQAB+B7f3SEPAAAcAAsABTZHxnCRAr\/A3RsAQJYlAAH4Ht\/dIQ8AAAcACwAFN246sJsCvr4="}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422329034072}
@@ -40,11 +40,11 @@
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1422329136181,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1422329136181,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAGlAAP8Rr3rAqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g\/wAAABMAAGYAABQAAQEAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422329141909}
00790{"packet_event_id":1,"packet_event_name":"packet","packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_msec":1422329141029,"pkt":"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"}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":379,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":200000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1422329141029,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":394,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1422328963915,"flow_last_seen":1422328966914,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1422329152529,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1422329005766,"flow_last_seen":1422329136181,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":492,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":217,"flow_first_seen":1422329005767,"flow_last_seen":1422329174862,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":1457,"flow_tot_l4_payload_len":54560,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":173,"flow_first_seen":1422329017533,"flow_last_seen":1422329175528,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":26636,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":379,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":200000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"midstream":0,"thread_ts_msec":1422329141029,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":394,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1422328963915,"flow_last_seen":1422328966914,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":82,"midstream":0,"thread_ts_msec":1422329152529,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1422329005766,"flow_last_seen":1422329136181,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":492,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":106,"flow_dst_packets_processed":111,"flow_first_seen":1422329005767,"flow_last_seen":1422329174862,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":1457,"flow_tot_l4_payload_len":54560,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":170,"flow_dst_packets_processed":3,"flow_first_seen":1422329017533,"flow_last_seen":1422329175528,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":26636,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","packets-captured":422,"packets-processed":397,"total-skipped-flows":0,"total-l4-payload-len":81835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_msec":1422329175528}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 422/397
@@ -54,8 +54,8 @@
~~ total active/idle flows...: 5/5
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6018774 bytes
~~ total memory freed........: 6018774 bytes
~~ total memory allocated....: 6018814 bytes
~~ total memory freed........: 6018814 bytes
~~ total allocations/frees...: 121287/121287
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 186 chars


@@ -1,17 +1,17 @@
00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cassandra.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1450889498032}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1450889498032,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA86nRAAEAGUkV\/AAABfwAAAbXII1K9tHk3AAAAAKACqqr+MAAAAgT\/1wQCCAon7JNDAAAAAAEDAwc="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1450889498032,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStcjswQ7evbR5OKASqqr+MAAAAgT\/1wQCCAon7JNDJ+yTQwEDAwc="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1450889498032,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA06nVAAEAGUkx\/AAABfwAAAbXII1K9tHk47MEO34AQAVb+KAAAAQEICifsk0Mn7JND"}
00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"midstream":0,"thread_ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1450889498074,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA81IRAAEAGaDV\/AAABfwAAAbXJI1KmXkfoAAAAAKACqqr+MAAAAgT\/1wQCCAon7JNsAAAAAAEDAwc="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1450889498074,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStckXl5aGpl5H6aASqqr+MAAAAgT\/1wQCCAon7JNsJ+yTbAEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1450889498074,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA01IVAAEAGaDx\/AAABfwAAAbXJI1KmXkfpF5eWh4AQAVb+KAAAAQEICifsk2wn7JNs"}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1450889498032,"flow_last_seen":1450889698077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25148,"flow_tot_l4_payload_len":78224,"flow_avg_l4_payload_len":543,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1450889498074,"flow_last_seen":1450889698077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11446,"flow_tot_l4_payload_len":28884,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"midstream":0,"thread_ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":75,"flow_dst_packets_processed":69,"flow_first_seen":1450889498032,"flow_last_seen":1450889698077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25148,"flow_tot_l4_payload_len":78224,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":74,"flow_dst_packets_processed":68,"flow_first_seen":1450889498074,"flow_last_seen":1450889698077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11446,"flow_tot_l4_payload_len":28884,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","packets-captured":286,"packets-processed":286,"total-skipped-flows":0,"total-l4-payload-len":107108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1450889698077}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 286/286
@@ -21,10 +21,10 @@
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6012431 bytes
~~ total memory freed........: 6012431 bytes
~~ total memory allocated....: 6012447 bytes
~~ total memory freed........: 6012447 bytes
~~ total allocations/frees...: 121166/121166
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 465 chars
~~ json string max len.......: 693 chars
~~ json string avg len.......: 575 chars
~~ json string max len.......: 698 chars
~~ json string avg len.......: 577 chars


@@ -1,11 +1,11 @@
00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"check_mk_new.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1512031663734}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1512031663734,"flow_last_seen":1512031663734,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1512031663734,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1512031663734,"flow_last_seen":1512031663734,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1512031663734,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1512031663734,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1512031663734,"pkt":"RjIA9qTs8soKyPpECABFEAA8gwhAAEAGbgrAqGQWwKhkMuZ2GZzVcug3AAAAAKACchA4TQAAAgQFtAQCCAorDGs\/AAAAAAEDAwc="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1512031663734,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1512031663734,"pkt":"8soKyPpERjIA9qTsCABFAAA8AABAAEAG8SLAqGQywKhkFhmc5nZuqQJN1XLoOKAScSBJyAAAAgQFtAQCCAoWUVydKwxrPwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1512031663734,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1512031663734,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwlAAEAGbhHAqGQWwKhkMuZ2GZzVcug4bqkCToAQAOVJwAAAAQEICisMaz8WUVyd"}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1512031663734,"flow_last_seen":1512031663736,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1512031663736,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}}
00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1512031663734,"flow_last_seen":1512031663775,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4096,"flow_tot_l4_payload_len":13758,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1512031663775,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1512031663734,"flow_last_seen":1512031663736,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"midstream":0,"thread_ts_msec":1512031663736,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}}
00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":49,"flow_first_seen":1512031663734,"flow_last_seen":1512031663775,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4096,"flow_tot_l4_payload_len":13758,"midstream":0,"thread_ts_msec":1512031663775,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}}
00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","packets-captured":98,"packets-processed":98,"total-skipped-flows":0,"total-l4-payload-len":13758,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1512031663775}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 98/98
@@ -15,10 +15,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6005919 bytes
~~ total memory freed........: 6005919 bytes
~~ total memory allocated....: 6005927 bytes
~~ total memory freed........: 6005927 bytes
~~ total allocations/frees...: 120974/120974
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 468 chars
~~ json string max len.......: 705 chars
~~ json string avg len.......: 574 chars
~~ json string max len.......: 711 chars
~~ json string avg len.......: 577 chars


@@ -1,24 +1,24 @@
00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1620902507870}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902507870,"flow_last_seen":1620902507870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902507870,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620902507870,"flow_last_seen":1620902507870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902507870,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620902507870,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902507870,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuJAbsdWbUDAAAAALAC\/\/8TEgAAAgQFtAEDAwUBAQgKM3SSOAAAAAAEAgAA"}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620902507899,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902507899,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4lEvFS6HVm1BKAS\/og8HwAAAgQFrAQCCAo6mxVSM3SSOAEDAwc="}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620902507899,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902507899,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuJAbsdWbUERLxUu4AQECxZJAAAAQEICjN0klQ6mxVS"}
00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902507870,"flow_last_seen":1620902507899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902507899,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902507870,"flow_last_seen":1620902507935,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902507935,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902508740,"flow_last_seen":1620902508740,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902508740,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902507870,"flow_last_seen":1620902507899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1620902507899,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902507870,"flow_last_seen":1620902507935,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"midstream":0,"thread_ts_msec":1620902507935,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620902508740,"flow_last_seen":1620902508740,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902508740,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620902508740,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902508740,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuKAbtgbcSnAAAAALAC\/\/+8\/wAAAgQFtAEDAwUBAQgKM3SVkQAAAAAEAgAA"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1620902508769,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902508769,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4peZebaYG3EqKAS\/og23AAAAgQFrAQCCAo6mxi5M3SVkQEDAwc="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1620902508769,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902508769,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuKAbtgbcSoXmXm24AQECxT5gAAAQEICjN0lag6mxi5"}
00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902508740,"flow_last_seen":1620902508769,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902508769,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902508740,"flow_last_seen":1620902508800,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902508800,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509272,"flow_last_seen":1620902509272,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509272,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902508740,"flow_last_seen":1620902508769,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"midstream":0,"thread_ts_msec":1620902508769,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902508740,"flow_last_seen":1620902508800,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"midstream":0,"thread_ts_msec":1620902508800,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620902509272,"flow_last_seen":1620902509272,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509272,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1620902509272,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509272,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuYAbvjd2YSAAAAALAC\/\/+WlQAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509273,"flow_last_seen":1620902509273,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509273,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620902509273,"flow_last_seen":1620902509273,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509273,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1620902509273,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509273,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuZAbt3hYKuAAAAALAC\/\/\/l6gAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509274,"flow_last_seen":1620902509274,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509274,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620902509274,"flow_last_seen":1620902509274,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509274,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1620902509274,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509274,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuaAbt39JnFAAAAALAC\/\/\/OYgAAAgQFtAEDAwUBAQgKM3SXeQAAAAAEAgAA"}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509276,"flow_last_seen":1620902509276,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509276,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620902509276,"flow_last_seen":1620902509276,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509276,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1620902509276,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509276,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvubAbvm4fjEAAAAALAC\/\/8AcwAAAgQFtAEDAwUBAQgKM3SXewAAAAAEAgAA"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1620902509302,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509302,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5l1X2J5d4WCr6AS\/ojLGgAAAgQFrAQCCAo6mxrNM3SXeAEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1620902509302,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuZAbt3hYKvdV9ieoAQECzoIAAAAQEICjN0l5M6mxrN"}
@@ -28,20 +28,20 @@
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620902509302,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuaAbt39JnGf4gLD4AQECwd3QAAAQEICjN0l5M6mxrM"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620902509303,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509303,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5sh1fPg5uH4xaAS\/oinwwAAAgQFrAQCCAo6mxrPM3SXewEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620902509303,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509303,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvubAbvm4fjFIdXz4YAQECzEywAAAQEICjN0l5Q6mxrP"}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509273,"flow_last_seen":1620902509303,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509272,"flow_last_seen":1620902509303,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509274,"flow_last_seen":1620902509304,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509276,"flow_last_seen":1620902509304,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509273,"flow_last_seen":1620902509333,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902509333,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509272,"flow_last_seen":1620902509335,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902509335,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":136,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509276,"flow_last_seen":1620902509338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902509338,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509274,"flow_last_seen":1620902509342,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902509342,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":862,"flow_first_seen":1620902507870,"flow_last_seen":1620902514626,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":687973,"flow_avg_l4_payload_len":798,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1134,"flow_first_seen":1620902508740,"flow_last_seen":1620902515037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":930115,"flow_avg_l4_payload_len":820,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":376,"flow_first_seen":1620902509272,"flow_last_seen":1620902515049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":297726,"flow_avg_l4_payload_len":791,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":956,"flow_first_seen":1620902509273,"flow_last_seen":1620902515019,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":773272,"flow_avg_l4_payload_len":808,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1106,"flow_first_seen":1620902509274,"flow_last_seen":1620902515040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":914291,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1199,"flow_first_seen":1620902509276,"flow_last_seen":1620902515049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1009870,"flow_avg_l4_payload_len":842,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902509273,"flow_last_seen":1620902509303,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"midstream":0,"thread_ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902509272,"flow_last_seen":1620902509303,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"midstream":0,"thread_ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902509274,"flow_last_seen":1620902509304,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902509276,"flow_last_seen":1620902509304,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902509273,"flow_last_seen":1620902509333,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"midstream":0,"thread_ts_msec":1620902509333,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902509272,"flow_last_seen":1620902509335,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"midstream":0,"thread_ts_msec":1620902509335,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":136,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902509276,"flow_last_seen":1620902509338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"midstream":0,"thread_ts_msec":1620902509338,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902509274,"flow_last_seen":1620902509342,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"midstream":0,"thread_ts_msec":1620902509342,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":374,"flow_dst_packets_processed":488,"flow_first_seen":1620902507870,"flow_last_seen":1620902514626,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":687973,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":472,"flow_dst_packets_processed":662,"flow_first_seen":1620902508740,"flow_last_seen":1620902515037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":930115,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":161,"flow_dst_packets_processed":215,"flow_first_seen":1620902509272,"flow_last_seen":1620902515049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":297726,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":409,"flow_dst_packets_processed":547,"flow_first_seen":1620902509273,"flow_last_seen":1620902515019,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":773272,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":456,"flow_dst_packets_processed":650,"flow_first_seen":1620902509274,"flow_last_seen":1620902515040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":914291,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":472,"flow_dst_packets_processed":727,"flow_first_seen":1620902509276,"flow_last_seen":1620902515049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1009870,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","packets-captured":5633,"packets-processed":5633,"total-skipped-flows":0,"total-l4-payload-len":4613247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_msec":1620902515049}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 5633/5633
@@ -51,10 +51,10 @@
~~ total active/idle flows...: 6/6
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6184316 bytes
~~ total memory freed........: 6184316 bytes
~~ total memory allocated....: 6184364 bytes
~~ total memory freed........: 6184364 bytes
~~ total allocations/frees...: 126547/126547
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 462 chars
~~ json string max len.......: 943 chars
~~ json string avg len.......: 701 chars
~~ json string max len.......: 948 chars
~~ json string avg len.......: 704 chars


@@ -1,10 +1,10 @@
00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"citrix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":0,"flow_last_seen":0,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":0,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00537{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":0,"flow_last_seen":0,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":0,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":0,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_msec":0,"pkt":"4F+5aekiABUXp3WjCABFAAAsrYMAAIAGYjoVAAAIFgAAB7CpBdYP1me4AAAAAGACgAC\/CQAAAgQFtAAA6CmQmA=="}
00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":2,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_msec":2,"pkt":"ABUXp3Wj4F+5aekiCABFAAAsrVIAAH4GZGsWAAAHFQAACAXWsKkP1nFlD9ZnuWASgAA9vQAAAgQFtAAA3WOanQ=="}
00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":2,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":20,"thread_ts_msec":2,"pkt":"4F+5aekiABUXp3WjCABFAAAorYQAAIAGYj0VAAAIFgAAB7CpBdYP1me5D9ZxZlAQgABVegAAAAAAAAAAIuNIFQ=="}
00591{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":2,"flow_last_seen":8,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":8,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Citrix","breed":"Acceptable","category":"Network"}}
00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":2,"flow_last_seen":1605,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":855,"flow_tot_l4_payload_len":5490,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1605,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Citrix","breed":"Acceptable","category":"Network"}}
00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":2,"flow_last_seen":8,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"midstream":0,"thread_ts_msec":8,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Citrix","breed":"Acceptable","category":"Network"}}
00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":75,"flow_dst_packets_processed":25,"flow_first_seen":2,"flow_last_seen":1605,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":855,"flow_tot_l4_payload_len":5490,"midstream":0,"thread_ts_msec":1605,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Citrix","breed":"Acceptable","category":"Network"}}
00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"citrix.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":5490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1605}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 100/100
@@ -14,10 +14,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6005977 bytes
~~ total memory freed........: 6005977 bytes
~~ total memory allocated....: 6005985 bytes
~~ total memory freed........: 6005985 bytes
~~ total allocations/frees...: 120976/120976
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 444 chars
~~ json string max len.......: 651 chars
~~ json string avg len.......: 534 chars
~~ json string max len.......: 657 chars
~~ json string avg len.......: 537 chars


@@ -1,54 +1,54 @@
00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cloudflare-warp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cloudflare-warp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1656230932729}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230932729,"flow_last_seen":1656230932729,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230932729,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932729,"flow_last_seen":1656230932729,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230932729,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1656230932729,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1656230932729,"pkt":"ABoRAAACABoRAAABCABFAAA0l3RAAEAGWO8KnoZdjvsqatjYAbtyVk7QfkNIjoAUAYa94wAAAQEICgCjbMKzFenn"}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230932996,"flow_last_seen":1656230932996,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230932996,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"159.138.85.48","src_port":42344,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932996,"flow_last_seen":1656230932996,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230932996,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"159.138.85.48","src_port":42344,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1656230932996,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1656230932996,"pkt":"ABoRAAACABoRAAABCABFAAA8oR5AAEAGmtoKCAABn4pVMKVoFGctlswbAAAAAKAC\/\/8oEgAAAgQFtAQCCAoAo20FAAAAAAEDAwg="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1656230932998,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230932998,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGbAufilUwCggAARRnpWjSaTPkLZbMHFAS\/\/\/3PgAA"}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1656230932998,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230932998,"pkt":"ABoRAAACABoRAAABCABFAAAooR9AAEAGmu0KCAABn4pVMKVoFGctlswc0mkz5VAQ\/\/\/3PwAA"}
00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1656230932996,"flow_last_seen":1656230933316,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1656230933316,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"159.138.85.48","src_port":42344,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230934073,"flow_last_seen":1656230934073,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230934073,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1656230932996,"flow_last_seen":1656230933316,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":276,"midstream":0,"thread_ts_msec":1656230933316,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"159.138.85.48","src_port":42344,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230934073,"flow_last_seen":1656230934073,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230934073,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1656230934073,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1656230934073,"pkt":"ABoRAAACABoRAAABCABFAAA8zCNAAEAGtn8KCAABnfAQIJ0WAbspbaIxAAAAAKAC\/\/+2wAAAAgQFtAQCCAoAo24SAAAAAAEDAwg="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1656230934076,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230934076,"pkt":"ABoRAAACABoRAAABCABFAAAoAAdAABAGsrCd8BAgCggAAQG7nRbWkl3OKW2iMlAS\/\/9Y5wAA"}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1656230934076,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230934076,"pkt":"ABoRAAACABoRAAABCABFAAAozCRAAEAGtpIKCAABnfAQIJ0WAbspbaIy1pJdz1AQ\/\/9Y6AAA"}
01026{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1656230934073,"flow_last_seen":1656230934082,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":406,"flow_tot_l4_payload_len":406,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1656230934082,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mqtt-mini.facebook.com","ja3":"159db30fc8fac7fb58bcaeee8785a687","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
01065{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1656230934073,"flow_last_seen":1656230934194,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":406,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1656230934194,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mqtt-mini.facebook.com","ja3":"159db30fc8fac7fb58bcaeee8785a687","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230934714,"flow_last_seen":1656230934714,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230934714,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"216.58.196.68","src_port":40454,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01031{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656230934073,"flow_last_seen":1656230934082,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":406,"flow_tot_l4_payload_len":406,"midstream":0,"thread_ts_msec":1656230934082,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mqtt-mini.facebook.com","ja3":"159db30fc8fac7fb58bcaeee8785a687","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
01070{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656230934073,"flow_last_seen":1656230934194,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":406,"flow_tot_l4_payload_len":642,"midstream":0,"thread_ts_msec":1656230934194,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mqtt-mini.facebook.com","ja3":"159db30fc8fac7fb58bcaeee8785a687","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230934714,"flow_last_seen":1656230934714,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230934714,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"216.58.196.68","src_port":40454,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1656230934714,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1656230934714,"pkt":"ABoRAAACABoRAAABCABFAAA0ZaRAAEAGp6UKnoZd2DrERJ4GAbvZsETuj7TO0IARAXlU+gAAAQEICgCjbrOWos\/v"}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1656230934714,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230934714,"pkt":"ABoRAAACABoRAAABCABFAAAoAA1AABAGPUnYOsRECp6GXQG7ngaPtM7Q2bBE71AQ\/\/9lcwAA"}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1656230934714,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230934714,"pkt":"ABoRAAACABoRAAABCABFAAAoAA5AABAGPUjYOsRECp6GXQG7ngaPtM7Q2bBE71AR\/\/9lcgAA"}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230939663,"flow_last_seen":1656230939663,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939663,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230939663,"flow_last_seen":1656230939663,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939663,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1656230939663,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1656230939663,"pkt":"ABoRAAACABoRAAABCABFAAA8PDFAAEAGXIYKCAABaBIv6rImAbu8t0+5AAAAAKAC\/\/9xfAAAAgQFtAQCCAoAo3OIAAAAAAEDAwg="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1656230939665,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230939665,"pkt":"ABoRAAACABoRAAABCABFAAAoABFAABAGyLpoEi\/qCggAAQG7siZDSLBGvLdPulAS\/\/9Z6wAA"}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1656230939665,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230939665,"pkt":"ABoRAAACABoRAAABCABFAAAoPDJAAEAGXJkKCAABaBIv6rImAbu8t0+6Q0iwR1AQ\/\/9Z7AAA"}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1656230939663,"flow_last_seen":1656230939667,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1656230939667,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.cloudflareclient.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230939671,"flow_last_seen":1656230939671,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939671,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656230939663,"flow_last_seen":1656230939667,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"midstream":0,"thread_ts_msec":1656230939667,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.cloudflareclient.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230939671,"flow_last_seen":1656230939671,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939671,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1656230939671,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1656230939671,"pkt":"ABoRAAACABoRAAABCABFAAA83IJAAEAGvDQKCAABaBIv6rIqAbsuP68IAAAAAKAC\/\/+gnwAAAgQFtAQCCAoAo3OKAAAAAAEDAwg="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1656230939672,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230939672,"pkt":"ABoRAAACABoRAAABCABFAAAoABNAABAGyLhoEi\/qCggAAQG7sirRwFD3Lj+vCVAS\/\/9Z5wAA"}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1656230939672,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230939672,"pkt":"ABoRAAACABoRAAABCABFAAAo3INAAEAGvEcKCAABaBIv6rIqAbsuP68J0cBQ+FAQ\/\/9Z6AAA"}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1656230939671,"flow_last_seen":1656230939673,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1656230939673,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.cloudflareclient.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01222{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1656230939663,"flow_last_seen":1656230939742,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2837,"flow_tot_l4_payload_len":3023,"flow_avg_l4_payload_len":503,"midstream":0,"thread_ts_msec":1656230939742,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.cloudflareclient.com","server_names":"cloudflareclient.com,*.cloudflareclient.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=cloudflareclient.com","alpn":"http\/1.1","fingerprint":"E6:54:3B:82:07:1E:29:C4:57:8C:B4:9E:64:38:11:38:9B:FC:66:98"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230939763,"flow_last_seen":1656230939763,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939763,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"142.250.183.163","src_port":51296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656230939671,"flow_last_seen":1656230939673,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"midstream":0,"thread_ts_msec":1656230939673,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.cloudflareclient.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01227{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656230939663,"flow_last_seen":1656230939742,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2837,"flow_tot_l4_payload_len":3023,"midstream":0,"thread_ts_msec":1656230939742,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.cloudflareclient.com","server_names":"cloudflareclient.com,*.cloudflareclient.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=cloudflareclient.com","alpn":"http\/1.1","fingerprint":"E6:54:3B:82:07:1E:29:C4:57:8C:B4:9E:64:38:11:38:9B:FC:66:98"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230939763,"flow_last_seen":1656230939763,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939763,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"142.250.183.163","src_port":51296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1656230939763,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1656230939763,"pkt":"ABoRAAACABoRAAABCABFAAA8inNAAEAGX6IKCAABjvq3o8hgAbvanPnSAAAAAKAC\/\/\/kiAAAAgQFtAQCCAoAo3OhAAAAAAEDAwg="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1656230939765,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230939765,"pkt":"ABoRAAACABoRAAABCABFAAAoABZAABAGGhSO+rejCggAAQG7yGAlYwYt2pz501AS\/\/+VDwAA"}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1656230939765,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230939765,"pkt":"ABoRAAACABoRAAABCABFAAAoinRAAEAGX7UKCAABjvq3o8hgAbvanPnTJWMGLlAQ\/\/+VEAAA"}
00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1656230939763,"flow_last_seen":1656230939766,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1656230939766,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"142.250.183.163","src_port":51296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"crashlyticsreports-pa.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01222{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1656230939671,"flow_last_seen":1656230939767,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2800,"flow_tot_l4_payload_len":2986,"flow_avg_l4_payload_len":497,"midstream":0,"thread_ts_msec":1656230939767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.cloudflareclient.com","server_names":"cloudflareclient.com,*.cloudflareclient.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=cloudflareclient.com","alpn":"http\/1.1","fingerprint":"E6:54:3B:82:07:1E:29:C4:57:8C:B4:9E:64:38:11:38:9B:FC:66:98"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230939817,"flow_last_seen":1656230939817,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939817,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.217.194.188","src_port":43600,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656230939763,"flow_last_seen":1656230939766,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"midstream":0,"thread_ts_msec":1656230939766,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"142.250.183.163","src_port":51296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"crashlyticsreports-pa.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01227{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656230939671,"flow_last_seen":1656230939767,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2800,"flow_tot_l4_payload_len":2986,"midstream":0,"thread_ts_msec":1656230939767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.cloudflareclient.com","server_names":"cloudflareclient.com,*.cloudflareclient.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=cloudflareclient.com","alpn":"http\/1.1","fingerprint":"E6:54:3B:82:07:1E:29:C4:57:8C:B4:9E:64:38:11:38:9B:FC:66:98"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230939817,"flow_last_seen":1656230939817,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939817,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.217.194.188","src_port":43600,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1656230939817,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1656230939817,"pkt":"ABoRAAACABoRAAABCABFAAA816BAAEAG6XwKCAABrNnCvKpQFGzl+aQLAAAAAKAC\/\/8RUAAAAgQFtAQCCAoAo3OrAAAAAAEDAwg="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1656230939818,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230939818,"pkt":"ABoRAAACABoRAAABCABFAAAoABtAABAG8Ras2cK8CggAARRsqlAaBlv05fmkDFAS\/\/93dgAA"}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1656230939818,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230939818,"pkt":"ABoRAAACABoRAAABCABFAAAo16FAAEAG6Y8KCAABrNnCvKpQFGzl+aQMGgZb9VAQ\/\/93dwAA"}
00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1656230939817,"flow_last_seen":1656230939818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.217.194.188","src_port":43600,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1656230939817,"flow_last_seen":1656230939818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.217.194.188","src_port":43600,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1656230934714,"flow_last_seen":1656230934714,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"216.58.196.68","src_port":40454,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1656230934714,"flow_last_seen":1656230934714,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"216.58.196.68","src_port":40454,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230932729,"flow_last_seen":1656230932729,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230932729,"flow_last_seen":1656230932729,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1656230932996,"flow_last_seen":1656230933366,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"159.138.85.48","src_port":42344,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1656230939763,"flow_last_seen":1656230939766,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"142.250.183.163","src_port":51296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1656230939663,"flow_last_seen":1656230939818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2837,"flow_tot_l4_payload_len":3417,"flow_avg_l4_payload_len":310,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1656230939671,"flow_last_seen":1656230939819,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2800,"flow_tot_l4_payload_len":3117,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"}}
00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1656230934073,"flow_last_seen":1656230934969,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"}}
00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1656230939817,"flow_last_seen":1656230939818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.217.194.188","src_port":43600,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1656230939817,"flow_last_seen":1656230939818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.217.194.188","src_port":43600,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1656230934714,"flow_last_seen":1656230934714,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"216.58.196.68","src_port":40454,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1656230934714,"flow_last_seen":1656230934714,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"216.58.196.68","src_port":40454,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932729,"flow_last_seen":1656230932729,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932729,"flow_last_seen":1656230932729,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1656230932996,"flow_last_seen":1656230933366,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":276,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"159.138.85.48","src_port":42344,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1656230939763,"flow_last_seen":1656230939766,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"142.250.183.163","src_port":51296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1656230939663,"flow_last_seen":1656230939818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2837,"flow_tot_l4_payload_len":3417,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1656230939671,"flow_last_seen":1656230939819,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2800,"flow_tot_l4_payload_len":3117,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"}}
00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1656230934073,"flow_last_seen":1656230934969,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":1431,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"}}
00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","packets-captured":63,"packets-processed":63,"total-skipped-flows":0,"total-l4-payload-len":8443,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_msec":1656230939819}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 63/63
@@ -58,10 +58,10 @@
~~ total active/idle flows...: 8/8
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6028661 bytes
~~ total memory freed........: 6028661 bytes
~~ total memory allocated....: 6028725 bytes
~~ total memory freed........: 6028725 bytes
~~ total allocations/frees...: 120987/120987
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 464 chars
~~ json string max len.......: 1227 chars
~~ json string avg len.......: 844 chars
~~ json string max len.......: 1232 chars
~~ json string avg len.......: 847 chars


@@ -1,93 +1,93 @@
00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"coap_mqtt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1333957710293}
00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957710293,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957710293,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1333957710293,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1333957710293,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nMWMwAg\/RpDAQXKchYzKy53ZWxsLWtub3duBGNvcmU="}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957710293,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957715764,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957710293,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957715764,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1333957715764,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1333957715764,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nQWMwAgAxVDAv\/NchYzKy53ZWxsLWtub3duBGNvcmU="}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957715764,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957717200,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957715764,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957717200,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1333957717200,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1333957717200,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nUWMwAgyuNDAzf9chYzKy53ZWxsLWtub3duBGNvcmU="}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957717200,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957718629,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957717200,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957718629,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1333957718629,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1333957718629,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nYWMwAgvHpDBEZkchYzKy53ZWxsLWtub3duBGNvcmU="}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957718629,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1333957720773,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957718629,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"midstream":0,"thread_ts_msec":1333957720773,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1333957720773,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"thread_ts_msec":1333957720773,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACQRQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7ncWMwAkKH5FAYp0chYzKy53ZWxsLWtub3duBGNvcmUQEj3U"}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1333957720773,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"midstream":0,"thread_ts_msec":1333957720773,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":1375090528017}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090528017,"flow_last_seen":1375090528017,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090528017,"flow_last_seen":1375090528017,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"midstream":0,"thread_ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1375090528017,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":81,"pkt_l4_len":27,"thread_ts_msec":1375090528017,"pkt":"uCfrprIvACTop0mhht1gAAAAABsRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADgtsWMwAblIJCAekbB5C4c2VwYXJhdGUQ0SMR"}
00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090528017,"flow_last_seen":1375090528017,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090528017,"flow_last_seen":1375090528017,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"midstream":0,"thread_ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1375090528127,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"thread_ts_msec":1375090528127,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjOC2wAMpjBgAOkb"}
00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1375090529153,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":191,"pkt_l4_len":137,"thread_ts_msec":1375090529153,"pkt":"ACTop0mhuCfrprIvht1gAAAAAIkRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjOC2wCJMIhCRVcPB5D\/VGhpcyBtZXNzYWdlIHdhcyBzZW50IGJ5IGEgc2VwYXJhdGUgcmVzcG9uc2UuCllvdXIgY2xpZW50IHdpbGwgbmVlZCB0byBhY2tub3dsZWRnZSBpdCwgb3RoZXJ3aXNlIGl0IHdpbGwgYmUgcmV0cmFuc21pdHRlZC4="}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090926676,"flow_last_seen":1375090926676,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1375090926676,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090926676,"flow_last_seen":1375090926676,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"midstream":0,"thread_ts_msec":1375090926676,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1375090926676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_msec":1375090926676,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADxEoWMwAfdD1AAs6gt3N0b3JhZ2X\/bXlyZXNvdXJjZQ=="}
00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090926676,"flow_last_seen":1375090926676,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1375090926676,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090926676,"flow_last_seen":1375090926676,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"midstream":0,"thread_ts_msec":1375090926676,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1375090926735,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_msec":1375090926735,"pkt":"ACTop0mhuCfrprIvht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjPESgAfeP9gQc6gh3N0b3JhZ2UKbXlyZXNvdXJjZQ=="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1375090935026,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":73,"pkt_l4_len":19,"thread_ts_msec":1375090935026,"pkt":"uCfrprIvACTop0mhht1gAAAAABMRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADxEoWMwATY+NAA86h\/215ZGF0YQ=="}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090935240,"flow_last_seen":1375090935240,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1375090935240,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090935240,"flow_last_seen":1375090935240,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"midstream":0,"thread_ts_msec":1375090935240,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1375090935240,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_msec":1375090935240,"pkt":"uCfrprIvACTop0mhht1gAAAAACYRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAmaNlAA5Uit3N0b3JhZ2UKbXlyZXNvdXJjZf9teWRhdGE="}
00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090935240,"flow_last_seen":1375090935240,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1375090935240,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090935240,"flow_last_seen":1375090935240,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"midstream":0,"thread_ts_msec":1375090935240,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1375090935293,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"thread_ts_msec":1375090935293,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjO24wAMxd1gRJUi"}
00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1375090528017,"flow_last_seen":1375090529165,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1375090935293,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1375090528017,"flow_last_seen":1375090529165,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":156,"midstream":0,"thread_ts_msec":1375090935293,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1375091005616,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_msec":1375091005616,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAfsCNAAZUjt3N0b3JhZ2UKbXlyZXNvdXJjZQ=="}
00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1455907243976}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1455907243976,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_msec":1455907243976,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1455907243977,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_msec":1455907243977,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqrABAAEAGnRbAqDhlwKg4AURd0RKQSIQZeoYoHFAYAOXx0wAA0AA="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1455907244175,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907244175,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELlAAIAG+F\/AqDgBwKg4ZdESRF16higckEiEG1AQAQDwpgAAAAAAAAAA"}
00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1375090926676,"flow_last_seen":1375090935086,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1455907244175,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1375090935240,"flow_last_seen":1375091022272,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1455907244175,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1375090926676,"flow_last_seen":1375090935086,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":61,"midstream":0,"thread_ts_msec":1455907244175,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1375090935240,"flow_last_seen":1375091022272,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":95,"midstream":0,"thread_ts_msec":1455907244175,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1455907258332,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_msec":1455907258332,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELpAAIAG+FzAqDgBwKg4ZdETRF1NYgogm49Jd1AYAQCrGAAAwAAAAAAA"}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1455907258332,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_msec":1455907258332,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqf0dAAEAGyc\/AqDhlwKg4AURd0RObj0l3TWIKIlAYAOXx0wAA0AA="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1455907258532,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907258532,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELtAAIAG+F3AqDgBwKg4ZdETRF1NYgoim49JeVAQAQBrHwAAAAAAAAAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907267002,"flow_last_seen":1455907267002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1455907267002,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907267002,"flow_last_seen":1455907267002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1455907267002,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1455907267002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1455907267002,"pkt":"CAAnmO\/hCAAnAERyCABFAAA0ELxAAIAG+FDAqDgBwKg4ZdEYRF3fAvFmAAAAAIACIAB3eQAAAgQFtAEDAwgBAQQC"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1455907267002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1455907267002,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0AABAAEAGSQ3AqDhlwKg4AURd0RiuSO3C3wLxZ4ASchDx3QAAAgQFtAEBBAIBAwMH"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1455907267002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907267002,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoEL1AAIAG+FvAqDgBwKg4ZdEYRF3fAvFnrkjtw1AQAQA7MAAAAAAAAAAA"}
00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1455907267007,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"midstream":0,"thread_ts_msec":1455907267007,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1455907271481,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1455907271481,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"}
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7580000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7580000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"midstream":1,"thread_ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1455907271483,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1455907271483,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+1KdAAEAGdBvAqDhlwKg4AURd0RSW3pIhxZi6gFAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7580000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7580000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"midstream":1,"thread_ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1455907271483,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_msec":1455907271483,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXYVAAEAR64HAqDhlwKg4AURcxIcAG\/HjY0Q1AW9STYsvci9CdXMxN0NtZA=="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1455907271485,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1455907271485,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMdAAIAG+E3AqDgBwKg4ZdEURF3FmLqAlt6Sd1AYAP++LAAAQAIAAgAA"}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1455907271522,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1455907271522,"pkt":"CAAnAERyCAAnmO\/hCABFAAAo1KhAAEAGdHDAqDhlwKg4AURd0RSW3pJ3xZi6hFAQAOXx0QAA"}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1455907271585,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1455907271585,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EM0AAIARN+7AqDgBwKg4ZcSHRFwAZzJrQgM1Anj4ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"midstream":0,"thread_ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1455907272856,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1455907272856,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EWkAAIARN1LAqDgBwKg4ZcSORFwAZ7scQgMdqQeYckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEyIEVFVCAyMDE2In0="}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"midstream":0,"thread_ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1455907272858,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1455907272858,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXhFAAEAR6vbAqDhlwKg4AURcxI4AGvHiYkQdqQeYiy9yL0J1czE3Q21k"}
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1455907272969,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1455907272969,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/EYMAAIARNzTAqDgBwKg4ZcSORFwAa8WlRgMdqhF5z0YYRXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMyBFRVQgMjAxNiJ9"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":200000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":200000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"midstream":0,"thread_ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1455907274088,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_msec":1455907274088,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EncAAIARNkLAqDgBwKg4ZcSIRFwAaR7GRANSj9XGl0FyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTQgRUVUIDIwMTYifQ=="}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":200000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":200000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"midstream":0,"thread_ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1455907274089,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1455907274089,"pkt":"CAAnAERyCAAnmO\/hCABFAAAwXqNAAEAR6mLAqDhlwKg4AURcxIgAHPHkZERSj9XGl0GLL3IvQnVzMTdDbWQ="}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1455907274193,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1455907274193,"pkt":"CAAnmO\/hCAAnAERyCABFAACBEpIAAIARNiPAqDgBwKg4ZcSIRFwAbeMnSANSkLugNTWCkTE2ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"midstream":0,"thread_ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1455907275690,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1455907275690,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/FCAAAIARNJfAqDgBwKg4ZcSPRFwAa2JLRgOAZtDWwMpn\/nJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxNSBFRVQgMjAxNiJ9"}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"midstream":0,"thread_ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1936,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1455907275695,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1455907275695,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyX35AAEAR6YXAqDhlwKg4AURcxI8AHvHmZkSAZtDWwMpn\/osvci9CdXMxN0NtZA=="}
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2015,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1455907275831,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1455907275831,"pkt":"CAAnmO\/hCAAnAERyCABFAACAFEwAAIARNGrAqDgBwKg4ZcSPRFwAbLkURwOAZ6ExGoh1VzNyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTUgRUVUIDIwMTYifQ=="}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11720,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1922,"flow_first_seen":1455907243976,"flow_last_seen":1455907286855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1926,"flow_first_seen":1455907258332,"flow_last_seen":1455907286855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1919,"flow_first_seen":1455907271483,"flow_last_seen":1455907286855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1928,"flow_first_seen":1455907267002,"flow_last_seen":1455907286845,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61855,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":100,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11720,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":100,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":100,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":100,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":921,"flow_dst_packets_processed":1001,"flow_first_seen":1455907243976,"flow_last_seen":1455907286855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":918,"flow_dst_packets_processed":1008,"flow_first_seen":1455907258332,"flow_last_seen":1455907286855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1005,"flow_dst_packets_processed":914,"flow_first_seen":1455907271483,"flow_last_seen":1455907286855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":924,"flow_dst_packets_processed":1004,"flow_first_seen":1455907267002,"flow_last_seen":1455907286845,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61855,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":8516,"packets-processed":8514,"total-skipped-flows":0,"total-l4-payload-len":294179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_msec":1455907286855}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 8516/8514
@@ -97,10 +97,10 @@
~~ total active/idle flows...: 16/16
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6274075 bytes
~~ total memory freed........: 6274075 bytes
~~ total memory allocated....: 6274203 bytes
~~ total memory freed........: 6274203 bytes
~~ total allocations/frees...: 129454/129454
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 458 chars
~~ json string max len.......: 824 chars
~~ json string avg len.......: 640 chars
~~ json string max len.......: 832 chars
~~ json string avg len.......: 644 chars


@@ -1,56 +1,56 @@
00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"collectd.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"collectd.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946742154132}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742154132,"flow_last_seen":946742154132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742154132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742154132,"flow_last_seen":946742154132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742154132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02208{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946742154132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_msec":946742154132,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\/AAABfwAAAY7gZOIFNgNKAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqh0gIgY30AAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMQAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiByMEAAwAGMwAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiBcUEAAwAGMgAABQAMc29mdGlycQAABgAPAAECAAAAAAAAUz8ACAAMGKqHSAiB0JMAAwAGMAAABQAJaWRsZQAABgAPAAECAAAAAABG4skACAAMGKqHSAiB3pAAAwAGMgAABgAPAAECAAAAAABKYAwACAAMGKqHSAiB1uQAAwAGMQAABgAPAAECAAAAAABIjKAACAAMGKqHSAiB5qEAAwAGMwAABgAPAAECAAAAAABJKEEACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAJdXNlZAAABgAPAAEBAAAAAGaR7UEABQANYnVmZmVyZWQAAAYADwABAQAAAABgfcBBAAgADBiqh0gIgR9KAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAQ\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\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742154132,"flow_last_seen":946742154132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742154132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742155132,"flow_last_seen":946742155132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742155132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742154132,"flow_last_seen":946742154132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742154132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742155132,"flow_last_seen":946742155132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742155132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946742155132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_msec":946742155132,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\/AAABfwAAAY3gZOIFNgNKAAD\/\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\/5AAgADBiqh0gIg2eWAAIAC21lbW9yeQAAAwAFAAAEAAttZW1vcnkAAAUAC2NhY2hlZAAABgAPAAEBAAAAABRC50EACAAMGKqHSAiBMQAAAgAIY3B1AAADAAYyAAAEAAhjcHUAAAUADmludGVycnVwdAAABgAPAAECAAAAAAAA0OkACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAQc2xhYl91bnJlY2wAAAYADwABAQAAAADA25dBAAgADBiqh0gIgb+WAAIACGNwdQAAAwAGMgAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAOYXZhaWxhYmxlAAAGAA8AAQEAAAAA6E7rQQAFAAlmcmVlAAAGAA8AAQEAAAAAwJ+1QQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAAAgTKlBAAgADBiqh0qIftQ9AAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABaxWwAIAAwYqodKiH8nRwADAAYxAAAGAA8AAQIAAAAAABX6SQAIAAwYqodKiH9osQADAAYyAAAGAA8AAQIAAAAAABQajAAIAAwYqodKiH+V7gADAAYzAAAGAA8AAQIAAAAAABX6jAAIAAwYqodKiH\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742156132,"flow_last_seen":946742156132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742156132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742156132,"flow_last_seen":946742156132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742156132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946742156132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_msec":946742156132,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\/AAABfwAAAYzgZOIFNgNKAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqh0gIgY30AAkADAAAAAKAAAAA\/\/8ACGNwdQAAAwAGMQAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiByMEAAwAGMwAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiBcUEAAwAGMgAABQAMc29mdGlycQAABgAPAAECAAAAAAAAUz8ACAAMGKqHSAiB0JMAAwAGMAAABQAJaWRsZQAABgAPAAECAAAAAABG4skACAAMGKqHSAiB3pAAAwAGMgAABgAPAAECAAAAAABKYAwACAAMGKqHSAiB1uQAAwAGMQAABgAPAAECAAAAAABIjKAACAAMGKqHSAiB5qEAAwAGMwAABgAPAAECAAAAAABJKEEACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAJdXNlZAAABgAPAAEBAAAAAGaR7UEABQANYnVmZmVyZWQAAAYADwABAQAAAABgfcBBAAgADBiqh0gIgR9KAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAQ\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\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742156132,"flow_last_seen":946742156132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742156132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742156132,"flow_last_seen":946742156132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742156132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"collectd.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":3978,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":946746151465}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02292{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946746151465,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_msec":946746151465,"pkt":"AAAAAAAAAAAAAAAACABFAAVysRJAAAERFprAqLIj78BKQpqYZOIFXrI+AhAFVv\/\/dXNlcsEiWwf\/ecmHq20KMKY60TNgWTifxhUWZCzzOonut\/nBLF1H9\/qjrU5R7\/H5O\/9DCfuI7YKK9r+lg3rOUKcDtnx6k3gtNCOgHQsqM7rGW+eN33S1hv\/QWiqJh22vfUfr7Wz7pYGKApBiZvpQtTEhc5hAetf3FPDtHKTWmaIAv9tpMJ\/C1iMPcZFdIsr2dDPokYbKhkO7YK1VgRFBm2eTLctpolFTqtNDbNm7ZZj+J4aMD2mZJnGIwYcXGtrkRXSRyBums+W0\/jz8zVPv3F9mqHBPDINnDWvpLDLobIdObIJno8I9jJWIUvexsFajL\/Ozn6gm5h5Bbary3bFaI1eTK9\/2PtGLDA75C4TnHGlqTybsnLPrgfJgwREyLUHKyyjysSqq3nmcDjg2jxv7jB\/7C1x4ERVxqcLGWKVSyPtJGgd833gDOhBdG4xbUSAQLAZ93ZhNhqDYpSH1iLu4WeSFrvXELH+6cym0Y6TgPbHb995Xd4eeznstGpKVPXUMBMYKyolrAJf5IhADYmfwsVbHYwmMY4b+7dLe8Xm4J6pnNHkCQ8D8q\/xlIjpnUrS9OVed\/2DlDBS1QStbE\/5D9qtP1vKoQWi7aNQljNk4LIQq71gjvpOQoYs5A2fU7jqs5Cj7g1YVzvRN1szG+q0InctAJFWNqveI4E4VlH\/arcTeRtG6STEypPhnpvREi8Y1HMoKqCoQ2XNXh6LreKH8j13m7n5IUINrWLGczoOvwh46DPuvBo2KGeZrJslABigBIDcj82i9s8gLnjLw9\/JZ2x7gkouGNhGSwI6E+HHJlTbRNuUsv\/6rZpEcDEihG4n3z7Vt80LO+ANJQ1PEO96u3kHeqsvkky84XapbdS3hpG\/ZxbNSNY8nK4OCSOQQ8HmKfoJVs6uDOBd\/wp2958CwlilWA+S7vIiQ1XgDMWkpnLBj0SxBkzaVjTocJQTqqyWTwe3IhhIJv81ISkko8HlqeLw6ucXInaAjACXZe+tWeEVUOeFlwkGIIzC1N4S0VtZ61SexhHWzr\/i9+G9ZKKsehcu3XJBgh1f60wB6VdfrKhuC5O+DjSawaWC4SpBpu+HXc5ivM+uiz5tYgYFHvZZNAX520+pU7SYW1nlm8z8\/p7hrSy4or4XEkX6alUhb2dPGHzFD8JaAiNPkifbtDixhZdVcES3WwpR0Ee8a2+96wN6EZWNgwUs7rB2p7yVJHR76cDlQ4Kn2ZsRDtijNF38f24MQDLxP4V3sCe2kxcWUIAwjR6dboGGToHbd4gC7kvh\/FM9CeCXw8edRrjHiX4wnTLxVl9Tka0gXAevnElxIQ6DbX8f3r7039o6XRuqpxn0ACZ1UjAWdNP5AnrGPEDhQYcbCL1rrIoiDXNbcbYfPGBMR0rENIqKDB4er0OJ0AMEmws1dKMgg8kdYXjcu2lTLVY4\/4d9fGNXECu0E+IBVi1I\/a05N27robtMnHhQS3RLkMgdw2UHSJmRpgA2AeN7d5fzdRb1cndtHczkpZ4DqnETqYT245MmiMyzh
ppvI8TfDhCd1ynjvTf\/tCkooHN2LdiiRy3Nwel6jnMS4sDovy8cCEn9qicofWJUG7y5a\/VIh54v0RwEEnumWw\/ZdPXVhbMfahFcQa0uAqmRQ+1dUag87w7YOq0bDC6ojsLdQ0XEWCC562cwnsSkgbZ5fTl3ZKIGjfA5C2IbcoLoeLIRL87MyrjfoqdSbenCEN1JHvCKm8MwRfUxtBnRG6JvCJKg82EHDqygdxWBY5xyz+WlvhZcsZvu\/jKGESQRQiW2wuv9DlwnzHiLS\/qJ\/XT4Fpxe9+g=="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02292{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946746151465,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_msec":946746151465,"pkt":"AAAAAAAAAAAAAAAACABFAAVysRJAAAERFprAqLIj78BKQpqZZOIFXrI+AhD\/\/wAEdXNlcsEiWwf\/ecmHq20KMKY60TNgWTifxhUWZCzzOonut\/nBLF1H9\/qjrU5R7\/H5O\/9DCfuI7YKK9r+lg3rOUKcDtnx6k3gtNCOgHQsqM7rGW+eN33S1hv\/QWiqJh22vfUfr7Wz7pYGKApBiZvpQtTEhc5hAetf3FPDtHKTWmaIAv9tpMJ\/C1iMPcZFdIsr2dDPokYbKhkO7YK1VgRFBm2eTLctpolFTqtNDbNm7ZZj+J4aMD2mZJnGIwYcXGtrkRXSRyBums+W0\/jz8zVPv3F9mqHBPDINnDWvpLDLobIdObIJno8I9jJWIUvexsFajL\/Ozn6gm5h5Bbary3bFaI1eTK9\/2PtGLDA75C4TnHGlqTybsnLPrgfJgwREyLUHKyyjysSqq3nmcDjg2jxv7jB\/7C1x4ERVxqcLGWKVSyPtJGgd833gDOhBdG4xbUSAQLAZ93ZhNhqDYpSH1iLu4WeSFrvXELH+6cym0Y6TgPbHb995Xd4eeznstGpKVPXUMBMYKyolrAJf5IhADYmfwsVbHYwmMY4b+7dLe8Xm4J6pnNHkCQ8D8q\/xlIjpnUrS9OVed\/2DlDBS1QStbE\/5D9qtP1vKoQWi7aNQljNk4LIQq71gjvpOQoYs5A2fU7jqs5Cj7g1YVzvRN1szG+q0InctAJFWNqveI4E4VlH\/arcTeRtG6STEypPhnpvREi8Y1HMoKqCoQ2XNXh6LreKH8j13m7n5IUINrWLGczoOvwh46DPuvBo2KGeZrJslABigBIDcj82i9s8gLnjLw9\/JZ2x7gkouGNhGSwI6E+HHJlTbRNuUsv\/6rZpEcDEihG4n3z7Vt80LO+ANJQ1PEO96u3kHeqsvkky84XapbdS3hpG\/ZxbNSNY8nK4OCSOQQ8HmKfoJVs6uDOBd\/wp2958CwlilWA+S7vIiQ1XgDMWkpnLBj0SxBkzaVjTocJQTqqyWTwe3IhhIJv81ISkko8HlqeLw6ucXInaAjACXZe+tWeEVUOeFlwkGIIzC1N4S0VtZ61SexhHWzr\/i9+G9ZKKsehcu3XJBgh1f60wB6VdfrKhuC5O+DjSawaWC4SpBpu+HXc5ivM+uiz5tYgYFHvZZNAX520+pU7SYW1nlm8z8\/p7hrSy4or4XEkX6alUhb2dPGHzFD8JaAiNPkifbtDixhZdVcES3WwpR0Ee8a2+96wN6EZWNgwUs7rB2p7yVJHR76cDlQ4Kn2ZsRDtijNF38f24MQDLxP4V3sCe2kxcWUIAwjR6dboGGToHbd4gC7kvh\/FM9CeCXw8edRrjHiX4wnTLxVl9Tka0gXAevnElxIQ6DbX8f3r7039o6XRuqpxn0ACZ1UjAWdNP5AnrGPEDhQYcbCL1rrIoiDXNbcbYfPGBMR0rENIqKDB4er0OJ0AMEmws1dKMgg8kdYXjcu2lTLVY4\/4d9fGNXECu0E+IBVi1I\/a05N27robtMnHhQS3RLkMgdw2UHSJmRpgA2AeN7d5fzdRb1cndtHczkpZ4DqnETqYT245MmiMyzh
ppvI8TfDhCd1ynjvTf\/tCkooHN2LdiiRy3Nwel6jnMS4sDovy8cCEn9qicofWJUG7y5a\/VIh54v0RwEEnumWw\/ZdPXVhbMfahFcQa0uAqmRQ+1dUag87w7YOq0bDC6ojsLdQ0XEWCC562cwnsSkgbZ5fTl3ZKIGjfA5C2IbcoLoeLIRL87MyrjfoqdSbenCEN1JHvCKm8MwRfUxtBnRG6JvCJKg82EHDqygdxWBY5xyz+WlvhZcsZvu\/jKGESQRQiW2wuv9DlwnzHiLS\/qJ\/XT4Fpxe9+g=="}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946742156132,"flow_last_seen":946742156132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742155132,"flow_last_seen":946742155132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742155132,"flow_last_seen":946742155132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946742154132,"flow_last_seen":946742154132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742156132,"flow_last_seen":946742156132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742155132,"flow_last_seen":946742155132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742155132,"flow_last_seen":946742155132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742154132,"flow_last_seen":946742154132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":6710,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_msec":1655315218479}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315218479,"flow_last_seen":1655315218479,"flow_idle_time":200000,"flow_min_l4_payload_len":1344,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":1344,"flow_avg_l4_payload_len":1344,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655315218479,"flow_last_seen":1655315218479,"flow_idle_time":200000,"flow_min_l4_payload_len":1344,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":1344,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1655315218479,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1386,"pkt_l4_len":1352,"thread_ts_msec":1655315218479,"pkt":"AAAAAAAAAAAAAAAACABFAAVcLQ9AAEARCoB\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\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\/mAAgADBiqhsSesvscAAMABjAAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAAOnzAAgADBiqhsSesv0mAAMABjEAAAYADwABAgAAAAAAAHMKAAgADBiqhsSesuvPAAUADmludGVycnVwdAAABgAPAAECAAAAAAAAo1oACAAMGKqGxJ6y8H0AAwAGMwAABgAPAAECAAAAAAAAbUsACAAMGKqGxJ6y\/yAAAwAGMgAABQAMc29mdGlycQAABgAPAAECAAAAAAAAUq8ACAAMGKqGxJ6zBsgAAwAGMAAABQAKc3RlYWwAAAYADwABAgAAAAAAAAAAAAgADBiqhsSeswuRAAMABjIAAAYADwABAgAAAAAAAAAAAAgADBiqhsSest6\/AAUACW5pY2UAAAYADwABAgAAAAAAAAAr"}
00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315218479,"flow_last_seen":1655315218479,"flow_idle_time":200000,"flow_min_l4_payload_len":1344,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":1344,"flow_avg_l4_payload_len":1344,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655315218479,"flow_last_seen":1655315218479,"flow_idle_time":200000,"flow_min_l4_payload_len":1344,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":1344,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00664{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00664{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02186{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1655315228479,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1350,"pkt_l4_len":1316,"thread_ts_msec":1655315228479,"pkt":"AAAAAAAAAAAAAAAACABFAAU4MI9AAEARByR\/AAABfwAAAdN6ZOIFJAM4AAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqhsSesw2LAAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMwAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqGxJ6zFBoAAwAGMQAABQAJaWRsZQAABgAPAAECAAAAAABH5cwACAAMGKqGxJ6zCV4ABQAKc3RlYWwAAAYADwABAgAAAAAAAAAAAAgADBiqhsSesxcVAAMABjIAAAUACWlkbGUAAAYADwABAgAAAAAASbf6AAgADBiqhsSesz\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\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\/sAAgADBiqhscetDpkAAMABjAAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAAOn9"}
02214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1655315238479,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1370,"pkt_l4_len":1336,"thread_ts_msec":1655315238479,"pkt":"AAAAAAAAAAAAAAAACABFAAVMObJAAEAR\/ex\/AAABfwAAAdN6ZOIFOANMAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqhscetBqdAAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMQAABAAIY3B1AAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAKNkAAgADBiqhscetF03AAMABjMAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAADppAAgADBiqhscetFN7AAMABjIAAAYADwABAgAAAAAAAFKyAAgADBiqhsces99LAAMABjMAAAUACW5pY2UAAAYADwABAgAAAAAAAAAwAAgADBiqhscetHcUAAMABjIAAAUACnN0ZWFsAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobHHrSGmwADAAYzAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobHHrSVUgADAAYwAAAFAAlpZGxlAAAGAA8AAQIAAAAAAEY\/oQAIAAwYqobHHrSeKQADAAYxAAAGAA8AAQIAAAAAAEfo0wAIAAwYqobHHrSp9QADAAYyAAAGAA8AAQIAAAAAAEm7CwAIAAwYqobHHrSzJwADAAYzAAAGAA8AAQIAAAAAAEiCvgAIAAwYqobHHrz4NAACAAttZW1vcnkAAAMABQAABAALbWVtb3J5AAAFAAl1c2VkAAAGAA8AAQEAAAAAnhPtQQAFAA1idWZmZXJlZAAABgAPAAEBAAAAAPBdwEEABQALY2FjaGVkAAAGAA8AAQEAAAAAgoHmQQAFAAlmcmVlAAAGAA8AAQEAAAAAQP+\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"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315313991,"flow_last_seen":1655315313991,"flow_idle_time":200000,"flow_min_l4_payload_len":1343,"flow_max_l4_payload_len":1343,"flow_tot_l4_payload_len":1343,"flow_avg_l4_payload_len":1343,"midstream":0,"thread_ts_msec":1655315313991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655315313991,"flow_last_seen":1655315313991,"flow_idle_time":200000,"flow_min_l4_payload_len":1343,"flow_max_l4_payload_len":1343,"flow_tot_l4_payload_len":1343,"midstream":0,"thread_ts_msec":1655315313991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1655315313991,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1385,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1385,"pkt_l4_len":1351,"thread_ts_msec":1655315313991,"pkt":"AAAAAAAAAAAAAAAACABFAAVbgM9AAEARtsB\/AAABfwAAAYyUZOIFRwNbAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqhtn\/u8qjAAkADAAAAAKAAAAAAAIAC21lbW9yeQAABAALbWVtb3J5AAAFAAl1c2VkAAAGAA8AAQEAAAAAlh\/tQQAFAA1idWZmZXJlZAAABgAPAAEBAAAAAKhiwEEABQALY2FjaGVkAAAGAA8AAQEAAAAAFLfmQQAFAAlmcmVlAAAGAA8AAQEAAAAAQOK9QQAFABBzbGFiX3VucmVjbAAABgAPAAEBAAAAAIDOl0EABQAOYXZhaWxhYmxlAAAGAA8AAQEAAAAASLbrQQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAAAA\/6hBAAgADBiqhtx\/ZhRUAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABac6gAIAAwYqobcf2a6WwADAAYyAAAGAA8AAQIAAAAAABQGUgAIAAwYqobcf2Z5QgADAAYxAAAGAA8AAQIAAAAAABXlMgAIAAwYqobcf2fq4wADAAYzAAAGAA8AAQIAAAAAABXmCQAIAAwYqobcf2ls0AADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKQvAAgADBiqhtx\/ak1hAAMABjEAAAYADwABAgAAAAAABKMvAAgADBiqhtx\/auPbAAMABjIAAAYADwABAgAAAAAABJkFAAgADBiqhtx\/auwdAAMABjMAAAYADwABAgAAAAAABIaAAAgADBiqhtx\/avZhAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAENoAAgADBiqhtx\/ayYTAAMABjEAAAYADwABAgAAAAAAAENqAAgADBiqhtx\/ay+GAAMABjIAAAYADwABAgAAAAAAAEY5AAgADBiqhtx\/azbWAAMABjMAAAYADwABAgAAAAAAAD4lAAgADBiqhtx\/az+lAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAmAAgADBiqhtx\/a0duAAMABjEAAAYADwABAgAAAAAAAAAxAAgADBiqhtx\/a1DeAAMABjIAAAYADwABAgAAAAAAAAArAAgADBiqhtx\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"}
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315313991,"flow_last_seen":1655315313991,"flow_idle_time":200000,"flow_min_l4_payload_len":1343,"flow_max_l4_payload_len":1343,"flow_tot_l4_payload_len":1343,"flow_avg_l4_payload_len":1343,"midstream":0,"thread_ts_msec":1655315313991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655315313991,"flow_last_seen":1655315313991,"flow_idle_time":200000,"flow_min_l4_payload_len":1343,"flow_max_l4_payload_len":1343,"flow_tot_l4_payload_len":1343,"midstream":0,"thread_ts_msec":1655315313991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
02219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1655315323990,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1365,"pkt_l4_len":1331,"thread_ts_msec":1655315323990,"pkt":"AAAAAAAAAAAAAAAACABFAAVHirVAAEARrO5\/AAABfwAAAYyUZOIFMwNHAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqhtx\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\/bBifAAIACGNwdQAAAwAGMwAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqG3v9j7tsAAwAGMAAABQAJdXNlcgAABgAPAAECAAAAAAAWnWUACAAMGKqG3v9kGvkAAwAGMwAABgAPAAECAAAAAAAV5owACAAMGKqG3v9kAsUAAwAGMQAABgAPAAECAAAAAAAV5a4ACAAMGKqG3v9kKaIAAwAGMAAABQALc3lzdGVtAAAGAA8AAQIAAAAAAASkXAAIAAwYqobe\/2Q\/lAADAAYyAAAGAA8AAQIAAAAAAASZMwAIAAwYqobe\/2QPLwAFAAl1c2VyAAAGAA8AAQIAAAAAABQGygAIAAwYqobe\/2RCiwADAAYzAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABIaoAAgADBiqht7\/ZEc5AAMABjEAAAUACXdhaXQAAAYADwABAgAAAAAAAENuAAgADBiqht7\/ZDoJAAUAC3N5c3RlbQAABgAPAAECAAAAAAAEo1oACAAMGKqG3v9kRJUAAwAGMAAABQAJd2FpdAAABgAPAAECAAAAAAAAQ2sACAAMGKqG3v9kdBkAAwAGMQAABQAJbmljZQAABgAPAAECAAAAAAAAADEACAAMGKqG3v9kTQoAAwAGMAAABgAPAAECAAAAAAAAACYACAAMGKqG3v9kd7IAAwAGMgAABgAPAAECAAAAAAAAACsACAAMGKqG3v9kegkAAwAGMwAABgAPAAECAAAAAAAAADAACAAMGKqG3v9kSxUABQAJd2FpdAAABgAPAAECAAAAAAAAPicACAAMGKqG3v9kjPIAAwAGMgAABQAOaW50ZXJydXB0AAAGAA8AAQIAAAAAAADQKgAIAAwYqobe\/2SPNAADAAYzAAAGAA8AAQIAAAAAAABtfwAIAAwYqobe\/2R86AADAAYwAAAGAA8AAQIAAAAAAAEO8QAIAAwYqobe\/2SRKwAFAAxzb2Z0aXJxAAAGAA8AAQIAAAAAAADqWgAIAAwYqobe\/2R\/CgADAAYxAAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAKOyAAgADBiqht7\/ZJVyAAMABjIAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAAFLTAAgADBiqht7\/ZJMuAAMABjEAAAYADwABAgAAAAAAAHNS"}
02227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1655315333991,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1371,"pkt_l4_len":1337,"thread_ts_msec":1655315333991,"pkt":"AAAAAAAAAAAAAAAACABFAAVNjPBAAEARqq1\/AAABfwAAAYyUZOIFOQNNAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqht7\/ZJeFAAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMwAABAAIY3B1AAAFAAxzb2Z0aXJxAAAGAA8AAQIAAAAAAAA6hAAIAAwYqobe\/2SylwAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqG3v9kSVQAAwAGMgAABQAJd2FpdAAABgAPAAECAAAAAAAARkgACAAMGKqG3v9ksAAABQAKc3RlYWwAAAYADwABAgAAAAAAAAAAAAgADBiqht7\/ZMKYAAMABjEAAAUACWlkbGUAAAYADwABAgAAAAAASAZ5AAgADBiqht7\/ZMWkAAMABjIAAAYADwABAgAAAAAASdkKAAgADBiqht7\/ZMhRAAMABjMAAAYADwABAgAAAAAASKDCAAgADBiqht7\/ZKNFAAMABjEAAAUACnN0ZWFsAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobe\/2SguQADAAYwAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobe\/2S1gAAFAAlpZGxlAAAGAA8AAQIAAAAAAEZc0AAIAAwYqobe\/2oc5AACAAttZW1vcnkAAAMABQAABAALbWVtb3J5AAAFAAl1c2VkAAAGAA8AAQEAAAAAtontQQAFAA1idWZmZXJlZAAABgAPAAEBAAAAADhkwEEABQAJZnJlZQAABgAPAAEBAAAAAHDUukEABQALY2FjaGVkAAAGAA8AAQEAAAAABq7mQQAFABBzbGFiX3VucmVjbAAABgAPAAEBAAAAAEDQl0EABQAOc2xhYl9yZWNsAAAGAA8AAQEAAAAAQAOpQQAFAA5hdmFpbGFibGUAAAYADwABAQAAAAAUXOtBAAgADBiqhuF\/ZJVYAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABad0gAIAAwYqobhf2TUUQADAAYxAAAGAA8AAQIAAAAAABXmKwAIAAwYqobhf2W8mgADAAYzAAAGAA8AAQIAAAAAABXnBwAIAAwYqobhf2X1\/wADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKSOAAgADBiqhuF\/ZQ4SAAMABjIAAAUACXVzZXIAAAYADwABAgAAAAAAFAdJAAgADBiqhuF\/Z6HGAAMABjEAAAUAC3N5c3RlbQAABgAPAAECAAAAAAAEo4cACAAMGKqG4X9n2XUAAwAGMgAABgAPAAECAAAAAAAEmWAACAAMGKqG4X9ojcQAAwAGMAAABQAJd2FpdAAABgAPAAECAAAAAAAAQ20ACAAMGKqG4X9oFFcAAwAGMwAABQALc3lzdGVtAAAGAA8AAQIAAAAAAASGyQAIAAwYqobhf2k\/YgADAAYxAAAFAAl3YWl0AAAGAA8AAQIAAAAAAABDbwAIAAwYqobhf2nIHgADAAYyAAAGAA8AAQIAAAAAAABGSgAIAAwYqobhf2p39QADAAYwAAAFAAluaWNlAAAGAA8AAQIAAAAAAAAAJgAIAAwYqobh
f2qAfQADAAYxAAAGAA8AAQIAAAAAAAAAMQAIAAwYqobhf2qRzgADAAYzAAAGAA8AAQIAAAAAAAAAMAAIAAwYqobhf2qMEQADAAYyAAAGAA8AAQIAAAAAAAAAKwAIAAwYqobhf2rtCAADAAYxAAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAKO5AAgADBiqhuF\/axE6AAMABjIAAAYADwABAgAAAAAAANAv"}
00686{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":22,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655315218479,"flow_last_seen":1655315251746,"flow_idle_time":200000,"flow_min_l4_payload_len":1231,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":1306,"midstream":0,"thread_ts_msec":1655315403990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655315218479,"flow_last_seen":1655315251746,"flow_idle_time":200000,"flow_min_l4_payload_len":1231,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":1306,"midstream":0,"thread_ts_msec":1655315433990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":34,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1655315313991,"flow_last_seen":1655315503990,"flow_idle_time":200000,"flow_min_l4_payload_len":1311,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":30569,"flow_avg_l4_payload_len":1329,"midstream":0,"thread_ts_msec":1655315503990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1655315313991,"flow_last_seen":1655315683990,"flow_idle_time":200000,"flow_min_l4_payload_len":1311,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":58483,"flow_avg_l4_payload_len":1329,"midstream":0,"thread_ts_msec":1655315683990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315734133,"flow_last_seen":1655315734133,"flow_idle_time":200000,"flow_min_l4_payload_len":1334,"flow_max_l4_payload_len":1334,"flow_tot_l4_payload_len":1334,"flow_avg_l4_payload_len":1334,"midstream":0,"thread_ts_msec":1655315734133,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":22,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1655315218479,"flow_last_seen":1655315251746,"flow_idle_time":200000,"flow_min_l4_payload_len":1231,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":6534,"midstream":0,"thread_ts_msec":1655315403990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1655315218479,"flow_last_seen":1655315251746,"flow_idle_time":200000,"flow_min_l4_payload_len":1231,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":6534,"midstream":0,"thread_ts_msec":1655315433990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":34,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":0,"flow_first_seen":1655315313991,"flow_last_seen":1655315503990,"flow_idle_time":200000,"flow_min_l4_payload_len":1311,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":30569,"midstream":0,"thread_ts_msec":1655315503990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":0,"flow_first_seen":1655315313991,"flow_last_seen":1655315683990,"flow_idle_time":200000,"flow_min_l4_payload_len":1311,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":58483,"midstream":0,"thread_ts_msec":1655315683990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655315734133,"flow_last_seen":1655315734133,"flow_idle_time":200000,"flow_min_l4_payload_len":1334,"flow_max_l4_payload_len":1334,"flow_tot_l4_payload_len":1334,"midstream":0,"thread_ts_msec":1655315734133,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1655315734133,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1376,"pkt_l4_len":1342,"thread_ts_msec":1655315734133,"pkt":"AAAAAAAAAAAAAAAACABFAAVSgypAAEARtG5\/AAABfwAAAY\/gZOIFPgNSAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqh0MI68hQAAkADAAAAAKAAAAAAAIAC21lbW9yeQAABAALbWVtb3J5AAAFAAtjYWNoZWQAAAYADwABAQAAAADeOudBAAUACWZyZWUAAAYADwABAQAAAAAAgbhBAAUADWJ1ZmZlcmVkAAAGAA8AAQEAAAAAKHzAQQAFAA5hdmFpbGFibGUAAAYADwABAQAAAADEo+tBAAUADnNsYWJfcmVjbAAABgAPAAEBAAAAAEBJqUEABQAJdXNlZAAABgAPAAEBAAAAAPA87UEABQAQc2xhYl91bnJlY2wAAAYADwABAQAAAACA4ZdBAAgADBiqh0WIfqylAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABawWQAIAAwYqodFiH7fdQADAAYxAAAGAA8AAQIAAAAAABX5TAAIAAwYqodFiH8ZSwADAAYyAAAGAA8AAQIAAAAAABQZhwAIAAwYqodFiH+y0wADAAYxAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKntAAgADBiqh0WIf7qeAAMABjIAAAYADwABAgAAAAAABJ\/lAAgADBiqh0WIf9wOAAMABjMAAAYADwABAgAAAAAABI1BAAgADBiqh0WIgAgcAAMABjEAAAUACXdhaXQAAAYADwABAgAAAAAAAEPAAAgADBiqh0WIgBAPAAMABjIAAAYADwABAgAAAAAAAEdRAAgADBiqh0WIf+U8AAMABjAAAAYADwABAgAAAAAAAEPlAAgADBiqh0WIf0BEAAMABjMAAAUACXVzZXIAAAYADwABAgAAAAAAFfl+AAgADBiqh0WIgBZ8AAUACXdhaXQAAAYADwABAgAAAAAAAD55AAgADBiqh0WIgBzpAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAmAAgADBiqh0WIgEZ6AAMABjIAAAYADwABAgAAAAAAAAArAAgADBiqh0WIgFc\/AAMABjAAAAUADmludGVycnVwdAAABgAPAAECAAAAAAABD\/MACAAMGKqHRYiAgLMAAwAGMgAABgAPAAECAAAAAAAA0OMACAAMGKqHRYh\/gyQAAwAGMAAABQALc3lzdGVtAAAGAA8AAQIAAAAAAASq\/AAIAAwYqodFiICRmAAFAAxzb2Z0aXJxAAAGAA8AAQIAAAAAAADr3gAIAAwYqodFiIBNyQADAAYzAAAFAAluaWNlAAAGAA8AAQIAAAAAAAAAMAAIAAwYqodFiICZhwADAAYxAAAFAAxzb2Z0aXJxAAAGAA8AAQIAAAAAAAB0EgAIAAwYqodFiICIwAADAAYzAAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAG4vAAgADBiqh0WIgMnmAAMABjAAAAUACnN0ZWFsAAAGAA8AAQIAAAAAAAAAAAAIAAwYqodFiIA7sAADAAYxAAAFAAluaWNlAAAGAA8AAQIAAAAAAAAAMQAIAAwYqodFiIDvvAADAAYyAAAFAApzdGVhbAAA
BgAPAAECAAAAAAAAAAAACAAMGKqHRYiA9t4AAwAGMwAABgAPAAECAAAAAAAAAAAACAAMGKqHRYiAwRUABQAMc29mdGlycQAABgAPAAECAAAAAAAAOukACAAMGKqHRYiAYIQAAwAGMQAABQAOaW50ZXJydXB0AAAGAA8AAQIAAAAAAACk0AAIAAwYqodFiIDnzgAFAApzdGVhbAAABgAPAAECAAAAAAAAAAA="}
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315734133,"flow_last_seen":1655315734133,"flow_idle_time":200000,"flow_min_l4_payload_len":1334,"flow_max_l4_payload_len":1334,"flow_tot_l4_payload_len":1334,"flow_avg_l4_payload_len":1334,"midstream":0,"thread_ts_msec":1655315734133,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655315734133,"flow_last_seen":1655315734133,"flow_idle_time":200000,"flow_min_l4_payload_len":1334,"flow_max_l4_payload_len":1334,"flow_tot_l4_payload_len":1334,"midstream":0,"thread_ts_msec":1655315734133,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
02203{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1655315744133,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1362,"pkt_l4_len":1328,"thread_ts_msec":1655315744133,"pkt":"AAAAAAAAAAAAAAAACABFAAVEhDdAAEARs29\/AAABfwAAAY\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\/nGIAAwAGMgAABQAJdXNlcgAABgAPAAECAAAAAAAUGgQACAAMGKqHSAiBZ\/8AAwAGMQAABQAMc29mdGlycQAABgAPAAECAAAAAAAAdBwACAAMGKqHSAiAzz8AAwAGMgAABQAJd2FpdAAABgAPAAECAAAAAAAAR1UACAAMGKqHSAiBe7cAAwAGMwAABQAMc29mdGlycQAABgAPAAECAAAAAAAAOuwACAAMGKqHSAiBhSgAAwAGMAAABQAKc3RlYWwAAAYADwABAgAAAAAAAAAA"}
02212{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1655315754132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_msec":1655315754132,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\/AAABfwAAAY\/gZOIFNgNKAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqh0gIgY30AAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMQAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiByMEAAwAGMwAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiBcUEAAwAGMgAABQAMc29mdGlycQAABgAPAAECAAAAAAAAUz8ACAAMGKqHSAiB0JMAAwAGMAAABQAJaWRsZQAABgAPAAECAAAAAABG4skACAAMGKqHSAiB3pAAAwAGMgAABgAPAAECAAAAAABKYAwACAAMGKqHSAiB1uQAAwAGMQAABgAPAAECAAAAAABIjKAACAAMGKqHSAiB5qEAAwAGMwAABgAPAAECAAAAAABJKEEACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAJdXNlZAAABgAPAAEBAAAAAGaR7UEABQANYnVmZmVyZWQAAAYADwABAQAAAABgfcBBAAgADBiqh0gIgR9KAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAQ\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\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"collectd.pcap","alias":"nDPId-test","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":90410,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_msec":1655315824133}
00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":76,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1655315313991,"flow_last_seen":1655315720484,"flow_idle_time":200000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":63954,"flow_avg_l4_payload_len":1305,"midstream":0,"thread_ts_msec":1655315864132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655316151465,"flow_last_seen":1655316151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655316151465,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":76,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":0,"flow_first_seen":1655315313991,"flow_last_seen":1655315720484,"flow_idle_time":200000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":63954,"midstream":0,"thread_ts_msec":1655315864132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655316151465,"flow_last_seen":1655316151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655316151465,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02293{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1655316151465,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_msec":1655316151465,"pkt":"AAAAAAAAAAAAAAAACABFAAVysRJAAAERFprAqLIj78BKQpqYZOIFXrI+AhAFVgAEdXNlcsEiWwf\/ecmHq20KMKY60TNgWTifxhUWZCzzOonut\/nBLF1H9\/qjrU5R7\/H5O\/9DCfuI7YKK9r+lg3rOUKcDtnx6k3gtNCOgHQsqM7rGW+eN33S1hv\/QWiqJh22vfUfr7Wz7pYGKApBiZvpQtTEhc5hAetf3FPDtHKTWmaIAv9tpMJ\/C1iMPcZFdIsr2dDPokYbKhkO7YK1VgRFBm2eTLctpolFTqtNDbNm7ZZj+J4aMD2mZJnGIwYcXGtrkRXSRyBums+W0\/jz8zVPv3F9mqHBPDINnDWvpLDLobIdObIJno8I9jJWIUvexsFajL\/Ozn6gm5h5Bbary3bFaI1eTK9\/2PtGLDA75C4TnHGlqTybsnLPrgfJgwREyLUHKyyjysSqq3nmcDjg2jxv7jB\/7C1x4ERVxqcLGWKVSyPtJGgd833gDOhBdG4xbUSAQLAZ93ZhNhqDYpSH1iLu4WeSFrvXELH+6cym0Y6TgPbHb995Xd4eeznstGpKVPXUMBMYKyolrAJf5IhADYmfwsVbHYwmMY4b+7dLe8Xm4J6pnNHkCQ8D8q\/xlIjpnUrS9OVed\/2DlDBS1QStbE\/5D9qtP1vKoQWi7aNQljNk4LIQq71gjvpOQoYs5A2fU7jqs5Cj7g1YVzvRN1szG+q0InctAJFWNqveI4E4VlH\/arcTeRtG6STEypPhnpvREi8Y1HMoKqCoQ2XNXh6LreKH8j13m7n5IUINrWLGczoOvwh46DPuvBo2KGeZrJslABigBIDcj82i9s8gLnjLw9\/JZ2x7gkouGNhGSwI6E+HHJlTbRNuUsv\/6rZpEcDEihG4n3z7Vt80LO+ANJQ1PEO96u3kHeqsvkky84XapbdS3hpG\/ZxbNSNY8nK4OCSOQQ8HmKfoJVs6uDOBd\/wp2958CwlilWA+S7vIiQ1XgDMWkpnLBj0SxBkzaVjTocJQTqqyWTwe3IhhIJv81ISkko8HlqeLw6ucXInaAjACXZe+tWeEVUOeFlwkGIIzC1N4S0VtZ61SexhHWzr\/i9+G9ZKKsehcu3XJBgh1f60wB6VdfrKhuC5O+DjSawaWC4SpBpu+HXc5ivM+uiz5tYgYFHvZZNAX520+pU7SYW1nlm8z8\/p7hrSy4or4XEkX6alUhb2dPGHzFD8JaAiNPkifbtDixhZdVcES3WwpR0Ee8a2+96wN6EZWNgwUs7rB2p7yVJHR76cDlQ4Kn2ZsRDtijNF38f24MQDLxP4V3sCe2kxcWUIAwjR6dboGGToHbd4gC7kvh\/FM9CeCXw8edRrjHiX4wnTLxVl9Tka0gXAevnElxIQ6DbX8f3r7039o6XRuqpxn0ACZ1UjAWdNP5AnrGPEDhQYcbCL1rrIoiDXNbcbYfPGBMR0rENIqKDB4er0OJ0AMEmws1dKMgg8kdYXjcu2lTLVY4\/4d9fGNXECu0E+IBVi1I\/a05N27robtMnHhQS3RLkMgdw2UHSJmRpgA2AeN7d5fzdRb1cndtHczkpZ4DqnETqYT245MmiMyz
hppvI8TfDhCd1ynjvTf\/tCkooHN2LdiiRy3Nwel6jnMS4sDovy8cCEn9qicofWJUG7y5a\/VIh54v0RwEEnumWw\/ZdPXVhbMfahFcQa0uAqmRQ+1dUag87w7YOq0bDC6ojsLdQ0XEWCC562cwnsSkgbZ5fTl3ZKIGjfA5C2IbcoLoeLIRL87MyrjfoqdSbenCEN1JHvCKm8MwRfUxtBnRG6JvCJKg82EHDqygdxWBY5xyz+WlvhZcsZvu\/jKGESQRQiW2wuv9DlwnzHiLS\/qJ\/XT4Fpxe9+g=="}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655316151465,"flow_last_seen":1655316151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655316151465,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655316151465,"flow_last_seen":1655316151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655316151465,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1655316161464,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1421,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1421,"pkt_l4_len":1387,"thread_ts_msec":1655316161464,"pkt":"AAAAAAAAAAAAAAAACABFAAV\/vHhAAAERCyfAqLIj78BKQpqYZOIFa7JLAhAFYwAEdXNlcoHTTu4jDT4spb1CiaNx+5RTDn8Im\/b94mza+2Tq7cMtskMUVXsMv7dZrJRMmMzbyIK4\/km4yyqNNo6Poo9ByCjRVFMTyyPT\/UT2wKYuzh4+P0AJOUuUlATRprrQzSelw1AlOIvvmScBLdJq7WdxmPSnFa+zKFXMmGiPwTbEIhRIPKuq6S\/J\/VyKO3TxoPwnfcaDGc1KsY1GQLAh8sJqmpR0mYJfLV75vjpe4BcGt05Cnd+IWZgAztagytrBIM67+fRSi+NiaoAAQpWqyiuvWgY+CLskTaKtEF8h9wSZvnYkCvPPKR0QSE7G+pK5ES0eFNWa+1eDOmZkEDc1i9Wj7VXdjo5fJEx2\/3IiiB5UNUGTEeK4mBP6SjM7aEQIBDgv6yGncYgbJv8lkxADwb4mixhSUEWeYIubY\/sjGLQuw+fno\/2V+FW3Or9qBqHt+jO2vbYAxL9De0l+X3mnWnnx9LA9D+EoBhRdQDAU8SwAPcO1nZKxtFVQEmYy4Ev5LD0cRTFUaFM\/TT1FIeO5lYZFNMEjbS0KR0At8kgASX4oE7iy0XJ62uujxcsFMzYaO+OeOclbqIYffC2RUQoXHJqger6nAAImbXnsl0Yu4PPBMgM1eSPtDbfOvyzkhWVDpQqFL0LaOIEfpgSggVDv\/dRk429TrRIFmsQNebxtKbgHn4Xilk2CHRzWTnQD8KPkFiM7RqUaeUcryC+E6juG7jhKTS2dMrdCP03tVnzDWmFRMXGxeDwPJof0pZKwYTbHyjtsI3L9tcxhKGsoD783Ic7IKBLSuy7jdJS1fuIal+iS4AA86NKOIbIz0ec024giNvfBZ575HrChKJmkSP9+nn1UgAEiXNDvy+17p0soQ2LGYrQl0sDFFpGPCX2EXfF25UFPEuMufWJFRn3lIoFaiX7jBeJ5U56cCUIYcD694Kx8BdhTqml2kv7AfwspY+rpzfse8SABjZl8CmbZDe5pG\/2\/G4uMvHE6tBlZKUmIs8c79lUh\/pCUYntjfiF+pjszE+pUzy7FY4DPb+vEcK0xgXO5+0tqMWWVfPzZY8scxbejQR\/4RTVAAwFe3Ax5LD\/us75Xy9NPkHrAZmiG8gUerFYEHE\/M9i5uXtZyc2a08fzqQI\/Eao\/ha4UWXeCRPgKFAupttiZJlo5JGqa8vqGgJPEfEyyylaxzkrdOaUFGxae\/cVO6WvuneM3yJBdYJ8msDBdSJFHRYHjw2OQiK9UbaMSIfdvz7Awe7E2DL\/XyeMKXUeNTlmmM5gyC+pdg1dgvm84WqRyGkpSOQCYFN65RDtXyAefYnqxgbi0O6SqvI17JBkSRrDCeLoSL3NEDK3WWVZ2PcO7jpMhUMF56E\/+HC8STbZE7RMrn2q1cgV+GXyL4ibIgw52TOUUs7qd05Gz\/mi9lHH\/cjJwlNio31+o7dkfGyGyrqz7wUjQZLJq3XWe8CW7UizPU3BncynHVyPZq3+200q8BC+YvCmkLGpGrzc0\/+RWrT+5baFlh\/eIx8nfYhIaDYZFes
VK5X4LKsKg6crpIT1EXpf4GdAV277Djc7GYAc9NdQYCDpZfWmEPzTeHXX4IaFXJkBSvrKgylFjgJ\/YrCXjYVM\/7o19QhFgWiV+dbHO8pjEOtvj8B1GsTi\/BKa2wXNb+8mOW9Dh\/9YmdegyUenEoJ4bzIVQ\/5DFAjYNOMTX7CIWFcQV32FgTHjBJ2gFgj22S7oAUJPSo7Vz\/NPjvKSTYKGiPpAiOVtKpLbeA60g7lfqjHStCz9vEIFJC15nxTsveOnho3UiCyRNSbUJKU1ATcf3IBYMl9FCC1+2GCqtOZW0NY1ovxgU="}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1655315313991,"flow_last_seen":1655315720484,"flow_idle_time":200000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":63954,"flow_avg_l4_payload_len":1305,"midstream":0,"thread_ts_msec":1655316161464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1655315734133,"flow_last_seen":1655315868800,"flow_idle_time":200000,"flow_min_l4_payload_len":882,"flow_max_l4_payload_len":1342,"flow_tot_l4_payload_len":22041,"flow_avg_l4_payload_len":1296,"midstream":0,"thread_ts_msec":1655316161464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":0,"flow_first_seen":1655315313991,"flow_last_seen":1655315720484,"flow_idle_time":200000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":63954,"midstream":0,"thread_ts_msec":1655316161464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":0,"flow_first_seen":1655315734133,"flow_last_seen":1655315868800,"flow_idle_time":200000,"flow_min_l4_payload_len":882,"flow_max_l4_payload_len":1342,"flow_tot_l4_payload_len":22041,"midstream":0,"thread_ts_msec":1655316161464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
02320{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1655316171464,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"thread_ts_msec":1655316171464,"pkt":"AAAAAAAAAAAAAAAACABFAAWMwzhAAAERBFrAqLIj78BKQpqYZOIFeLJYAhAFcAAEdXNlcid4w6halbvXS613MX5H51i+nDzaEWkA1VmugP8ABM5xryT\/nH\/vwU2Taojp1kKL2hrGHv0CQBfbLyDZQIw25R5Y7WOAHgQ6IMdV2Q15UvYZZHiZdFDb7AXtZjCHYww\/pZtLpAofcLVJnk+RyLZSqcqADyQ2f46Ho0jVLCz8ioU9SFecatQnEdr43X\/5Al5RG9CIVCm7hvP2jE7HDrP8HsnKwC7MkWWO+h8NZIHYs88z00xAsYnVZJ6iUya5W4VoShVoESpu9tOpgEENAy0y1\/T2ebTBJ8GVq\/9m8TbLNKq9enpKxMosHCvUiEUcsdJF9\/NgXCv425Qb9McHLBVRtkvQ5K5ZuFFub2yn+Muu7vyFIbrl8KnCKB0O0BcJI0E4Ml8gSEuYZi4lHgF64H2JqiFhuQlqEjOR7vcXoE9fITH7IeQHixZ6ByxHOc9cMOLUC1JQmVQqJaSOGLnKxLq9tvIl16Rl\/4TFskTLim1On\/MQ0m0CnBfUvs54FBGtig6jvjePsw5LH5BsN3aQN0ydNYkSxm1BPTHyMbQtIJWT6jw+L0uz1DvQpjzc4RcX7o12T9yXPGTmO7W6BnWLgiIHFmK8TkO5nxY8G89PFe9hR9WrmdFFiLtVQPVJf7ENe6zHG\/2H33iJTJ4WLBh6gAGpUQbmckVksY2eXX7NHoIQFh96dAEzI5Uq7lAAysra8IeGHGeVTOuX0qXUANkBV9MvnXi2Sv1xFNTDS+l+qYURumUgEy9IWQnpwd0YDFPMVMaNE6a4WWC+WR25LgETzjPKh2N4X2C4vH+Sj81sRqfQW4fEJz2SbwyiM4LNTvfzllFIOcETpkT0PNrUJhZ9RkbZcrFuhK5GPnAOOlI93\/6Dy6gL6LHfz0ha2rGej\/yfvsGmiVdtT48gm+maRs\/4BmXetTEhuj1sevyAPjnjkpKPJKIUT26r7UHHLP4ueFCDDP421Dntl\/szsHpYKetXMWMWV6wcodHYjVNSZUoWGtdu7pg06SV69wiC2hi9IfHv8aS2ycQ1KaD3OGcp0uUksh8BkimCFB1hYWbRTUEqzpum0AmXV7qAZtZwDPK+fg8FmayZWTSqSORiCbSXPn3datjeA\/S8P0qOYJvvSK\/Jqnh5OXXe7UJ4+ReS\/Tp5APmi3t2Gf31eqGua0fKEuDgc44bhVUUUGFdftYdcyXnQ0YzAlbdvM3u5hNkJ3Ch+CQaEndN47jNTzhOTvEga6AZ2zgQ4Dyf4GFQPNAw4JGDbYs308hjGafMwkPR8Z9FKuhJ6GoJLzKZV8ys+pcCFLPJbEJHig27gbbKD7ZFre\/nk6mMszf98vHdBDrzqHFjjeEPXz3ejznu8ifYD42gc1YANDtPsgnGU3hA+MSbcLdHUiCGAPF33svO+jzSd6GTY9ejDa2G1BXZw9nTi35b3aYqiH19hqz8yJ7WMPfCBkW4bv9XCKQagsLDMEva9cko3kdccurIqJCjTRDc6SjjtO+4iqLDhC3EKdFmxHpDCfelDkdDcNb1knb4u0aodpInw+
qBRqH6L+FOsszUtJ16pCENKJDAG5yRgdTAF\/YSkTW82VRXU8\/985HVLLLM4Zaq1NMYpaN8OogkG7TxqnhPgIY57Fi9+jhIxuy1V1kkomKSycuZXc9ZEAuNCSDWdCaoLSkFZOVx6OEaSJvmSK02QT9RA8ytnVXVgmOqcsgeg9tJprKYtXmF3nYrOqgdi8PX\/bMaAdxzzgX410QIdeFWu\/81QoVE7NTemALBRfg0W0\/HHCndMie3SK3O5RE5HSjup\/JzXQWL5spu8mQXoIPO\/+8d0nrCpsULdDch57rECCbIrYvNQvEneLQwoMVDV"}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655316151465,"flow_last_seen":1655316182371,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1392,"flow_tot_l4_payload_len":6745,"flow_avg_l4_payload_len":1349,"midstream":0,"thread_ts_msec":1655316182371,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1655316151465,"flow_last_seen":1655316182371,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1392,"flow_tot_l4_payload_len":6745,"midstream":0,"thread_ts_msec":1655316182371,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}}
00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"collectd.pcap","alias":"nDPId-test","packets-captured":81,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":105984,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":6,"total-detection-updates":0,"total-updates":4,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_msec":1655316182371}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 81/81
@@ -60,8 +60,8 @@
~~ total active/idle flows...: 9/9
~~ total timeout flows.......: 3
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6013822 bytes
~~ total memory freed........: 6013822 bytes
~~ total memory allocated....: 6013894 bytes
~~ total memory freed........: 6013894 bytes
~~ total allocations/frees...: 120986/120986
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 464 chars


@@ -1,23 +1,23 @@
00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"corba.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"corba.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614768020788}
00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614768020789,"flow_last_seen":1614768020789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020789,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614768020789,"flow_last_seen":1614768020789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020789,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614768020789,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020789,"pkt":"5kBKB+riApXG95NLCABFAAAwnOsAAIAGAAAKZQACCmYAAiIWA4SwjQfnAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614768020790,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020790,"pkt":"ApXG95NL5kBKB+riCABFAAAwnN4AAH8GihsKZgACCmUAAgOEIhawjRxgsI0H6HASgAFEQgAAAgQFtAMDAQA="}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614768020790,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020790,"pkt":"5kBKB+riApXG95NLCABFAAAonOwAAIAGAAAKZQACCmYAAiIWA4SwjQfosI0cYVAQgAEU6QAAAAAAAAAA"}
00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020789,"flow_last_seen":1614768020790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1614768020790,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614768020792,"flow_last_seen":1614768020792,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020792,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614768020789,"flow_last_seen":1614768020790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"midstream":0,"thread_ts_msec":1614768020790,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614768020792,"flow_last_seen":1614768020792,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020792,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614768020792,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020792,"pkt":"5kBKB+riApXG95NLCABFAAAwnO8AAIAGAAAKZQACCmYAAiIXBBmwjThoAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614768020793,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020793,"pkt":"ApXG95NL5kBKB+riCABFAAAwnOEAAH8GihgKZgACCmUAAgQZIhewjUFJsI04aXASgAHuQQAAAgQFtAMDAQA="}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614768020793,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020793,"pkt":"5kBKB+riApXG95NLCABFAAAonPAAAIAGAAAKZQACCmYAAiIXBBmwjThpsI1BSlAQgAEU6QAAAAAAAAAA"}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020792,"flow_last_seen":1614768020793,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1614768020793,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614768020794,"flow_last_seen":1614768020794,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020794,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614768020792,"flow_last_seen":1614768020793,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"midstream":0,"thread_ts_msec":1614768020793,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614768020794,"flow_last_seen":1614768020794,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020794,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614768020794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020794,"pkt":"5kBKB+riApXG95NLCABFAAAwnPQAAIAGAAAKZQACCmYAAiIY7wewjV4NAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614768020795,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020795,"pkt":"ApXG95NL5kBKB+riCABFAAAwnOUAAH8GihQKZgACCmUAAu8HIhiwjWV0sI1eDnASgAG5gQAAAgQFtAMDAQA="}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614768020795,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020795,"pkt":"5kBKB+riApXG95NLCABFAAAonPUAAIAGAAAKZQACCmYAAiIY7wewjV4OsI1ldVAQgAEU6QAAAAAAAAAA"}
00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020794,"flow_last_seen":1614768020795,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":322,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1614768020789,"flow_last_seen":1614768020792,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00670{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1614768020792,"flow_last_seen":1614768020794,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":1047,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1614768020794,"flow_last_seen":1614768020795,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":322,"flow_tot_l4_payload_len":588,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614768020794,"flow_last_seen":1614768020795,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":322,"flow_tot_l4_payload_len":322,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1614768020789,"flow_last_seen":1614768020792,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":762,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1614768020792,"flow_last_seen":1614768020794,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":1047,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1614768020794,"flow_last_seen":1614768020795,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":322,"flow_tot_l4_payload_len":588,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","packets-captured":25,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":2397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1614768020795}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 25/22
@@ -27,10 +27,10 @@
~~ total active/idle flows...: 3/3
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6011979 bytes
~~ total memory freed........: 6011979 bytes
~~ total memory allocated....: 6012003 bytes
~~ total memory freed........: 6012003 bytes
~~ total allocations/frees...: 120909/120909
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 459 chars
~~ json string max len.......: 675 chars
~~ json string avg len.......: 565 chars
~~ json string max len.......: 680 chars
~~ json string avg len.......: 567 chars


@@ -1,9 +1,9 @@
00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cpha.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1603354463286}
00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"midstream":0,"thread_ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1603354463286,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":96,"pkt_l4_len":58,"thread_ts_msec":1603354463286,"pkt":"AQBeFQMBAAAAAAEBgQAAFQgARQAATgAAAAD\/EQyKAAAAAKwVAwAftB+0ADpJ\/BqQDDEnhQABABZ5PgAB\/\/7gSgEAAAIAAQAACAoAAgADAAQAAAIECQAAAAkAAAAAAAIA"}
00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","breed":"Fun","category":"Network"}}
00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","breed":"Fun","category":"Network"}}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"midstream":0,"thread_ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","breed":"Fun","category":"Network"}}
00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"midstream":0,"thread_ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","breed":"Fun","category":"Network"}}
00547{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1603354463286}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1
@@ -13,10 +13,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003078 bytes
~~ total memory freed........: 6003078 bytes
~~ total memory allocated....: 6003086 bytes
~~ total memory freed........: 6003086 bytes
~~ total allocations/frees...: 120876/120876
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 460 chars
~~ json string max len.......: 663 chars
~~ json string avg len.......: 548 chars
~~ json string max len.......: 669 chars
~~ json string avg len.......: 551 chars


@@ -1,26 +1,26 @@
00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dazn.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dazn.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1653830614885}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1653830614885,"flow_last_seen":1653830614885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1653830614885,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1653830614885,"flow_last_seen":1653830614885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1653830614885,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1653830614885,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1653830614885,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8nR9AAEAGx+XAqAGANFTfOtMEAbuvwsZTAAAAAKAC+vBmfAAAAgQFtAQCCAqWAjADAAAAAAEDAwc="}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1653830614902,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1653830614902,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8gywAAPQGbdg0VN86wKgBgAG70wTy6KcPr8LGVKAS\/\/+ceQAAAgQFoAQCCAqKcaCKlgIwAwEDAwk="}
01162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1653830614904,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1653830614904,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5nSFAAEAGxebAqAGANFTfOtMEAbuvwsZU8uinEIAYAfZtkgAAAQEICpYCMBWKcaCKFgMBAgABAAH8AwPGAVMbGSAdqErCRl+JXjKyqMchnfEu2B1zRzOaxV8o1iAgIXSPqMjljdeZ3z7HJVcJsXiZNidVLUq9BDfRlvUd8wAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAx3d3cuZGF6bi5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgb4BCLF1x\/xJ6a5y\/t336Oc1aPROIMgrb5TqghyKk8UgAFwBBBJ9JHh6PsEBzfFNPwetkTywSgp2rvZxjUd7cfOXHBFgNjkLd+otPjvJdROVP19OEA+JHkFvE7miAvh9c39D0acUAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1653830614885,"flow_last_seen":1653830614904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1653830614904,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.dazn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00923{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1653830614885,"flow_last_seen":1653830614920,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830614920,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.dazn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1653830640613,"flow_last_seen":1653830640613,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1653830640613,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1653830614885,"flow_last_seen":1653830614904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1653830614904,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.dazn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830614885,"flow_last_seen":1653830614920,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"midstream":0,"thread_ts_msec":1653830614920,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.dazn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1653830640613,"flow_last_seen":1653830640613,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1653830640613,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1653830640613,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1653830640613,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA81ThAAEAGoV3AqAGADeL0G7PUAbsidLdlAAAAAKAC+vBeiAAAAgQFtAQCCArtba2JAAAAAAEDAwc="}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1653830640629,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1653830640629,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8HAYAAPQG5o8N4vQbwKgBgAG7s9RejoeqInS3ZqAS\/\/\/XoAAAAgQFoAQCCApxJyp57W2tiQEDAwk="}
01161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1653830640634,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1653830640634,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI51TpAAEAGn17AqAGADeL0G7PUAbsidLdmXo6Hq4AYAfYzVAAAAQEICu1trZ1xJyp5FgMBAgABAAH8AwNgo6eggHfe+PBZNxxz2f+Nts8It8o3t3RyfFY+U+8s3iC6XQSkJJt5cWG68Q2AWVjlm2pyKfMq4VXHQ5nXKhlFIwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAfAB0AABp1c2VyLXByb2ZpbGUuYXIuaW5kYXpuLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACDBldI46Te7dQq3VD7W+6azi6DI\/x3CzXEMlx+YJs8PCwAXAEEEQNzV3U7NxlwdMnUehbZejtqtCZtaP2SJSRszCqNnAwH+g3rcgl4s+kaLRhv1lRSxAtta1rthAruCkIpXtKVXxQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1653830640613,"flow_last_seen":1653830640634,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1653830640634,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"user-profile.ar.indazn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1653830640613,"flow_last_seen":1653830640651,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830640651,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"user-profile.ar.indazn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1653830641480,"flow_last_seen":1653830641480,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1653830641480,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1653830640613,"flow_last_seen":1653830640634,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1653830640634,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"user-profile.ar.indazn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830640613,"flow_last_seen":1653830640651,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"midstream":0,"thread_ts_msec":1653830640651,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"user-profile.ar.indazn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1653830641480,"flow_last_seen":1653830641480,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1653830641480,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1653830641480,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1653830641480,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA85BtAAEAGknfAqAGADeL0Hp+yAbsjfBE0AAAAAKAC+vA8bQAAAgQFtAQCCAp3jv7MAAAAAAEDAwc="}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1653830641499,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1653830641499,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8XjkAAPQGpFkN4vQewKgBgAG7n7LhtoguI3wRNaAS\/\/8VuQAAAgQFoAQCCArbVdxqd47+zAEDAwk="}
01162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1653830641501,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1653830641501,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI55B1AAEAGkHjAqAGADeL0Hp+yAbsjfBE14baIL4AYAfZN2QAAAQEICneO\/uHbVdxqFgMBAgABAAH8AwP2xFVrrUUvT7baclvRUkGIqabLtROHVCH1j8n+tyIQOSBQFGnUgcb1RPrURqFyxAWNNtynXG\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"}
00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1653830641480,"flow_last_seen":1653830641501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1653830641501,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"subscriptions-service.dazn-api.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1653830641480,"flow_last_seen":1653830641520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830641520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"subscriptions-service.dazn-api.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1653830640613,"flow_last_seen":1653830640651,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830641520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1653830614885,"flow_last_seen":1653830614920,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830641520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1653830641480,"flow_last_seen":1653830641520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830641520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"}}
00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1653830641480,"flow_last_seen":1653830641501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1653830641501,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"subscriptions-service.dazn-api.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830641480,"flow_last_seen":1653830641520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"midstream":0,"thread_ts_msec":1653830641520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"subscriptions-service.dazn-api.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830640613,"flow_last_seen":1653830640651,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"midstream":0,"thread_ts_msec":1653830641520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830614885,"flow_last_seen":1653830614920,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"midstream":0,"thread_ts_msec":1653830641520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830641480,"flow_last_seen":1653830641520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"midstream":0,"thread_ts_msec":1653830641520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"}}
00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":5835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_msec":1653830641520}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 12/12
@@ -30,8 +30,8 @@
~~ total active/idle flows...: 3/3
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6011773 bytes
~~ total memory freed........: 6011773 bytes
~~ total memory allocated....: 6011797 bytes
~~ total memory freed........: 6011797 bytes
~~ total allocations/frees...: 120905/120905
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 462 chars


@@ -1,27 +1,27 @@
00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dcerpc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1602860709979}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709979,"flow_last_seen":1602860709979,"flow_idle_time":200000,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"thread_ts_msec":1602860709979,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1602860709979,"flow_last_seen":1602860709979,"flow_idle_time":200000,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"midstream":0,"thread_ts_msec":1602860709979,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01303{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1602860709979,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"thread_ts_msec":1602860709979,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgABAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"}
00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709979,"flow_last_seen":1602860709979,"flow_idle_time":200000,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"thread_ts_msec":1602860709979,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1602860709979,"flow_last_seen":1602860709979,"flow_idle_time":200000,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"midstream":0,"thread_ts_msec":1602860709979,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
01303{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1602860709979,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"thread_ts_msec":1602860709979,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgABAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709993,"flow_last_seen":1602860709993,"flow_idle_time":200000,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1602860709993,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1602860709993,"flow_last_seen":1602860709993,"flow_idle_time":200000,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"midstream":0,"thread_ts_msec":1602860709993,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1602860709993,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1602860709993,"pkt":"ABwGCybtAA7wSJ4FCABFAADGAAUAAB4RGLPAqAEUwKgBC8AJwAMAsvR9BAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAAAAAAAAP\/\/\/\/9aAAAAAAAAAAAARgAAAC0DAAAAAAAARgAAAIEBAB4BAAABCfGlMMdfbUe2f4BzQ53qrQACAA7wSJ4FiJKBAgAIAQAAAQABgACBAgAIAQAAAgACgBCBAwAIAQAAAQAUBZg="}
00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709993,"flow_last_seen":1602860709993,"flow_idle_time":200000,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1602860709993,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1602860709993,"flow_last_seen":1602860709993,"flow_idle_time":200000,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"midstream":0,"thread_ts_msec":1602860709993,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1602860709993,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1602860709993,"pkt":"ABwGCybtAA7wSJ4FCABFAADGAAUAAB4RGLPAqAEUwKgBC8AJwAMAsvR9BAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAAAAAAAAP\/\/\/\/9aAAAAAAAAAAAARgAAAC0DAAAAAAAARgAAAIEBAB4BAAABCfGlMMdfbUe2f4BzQ53qrQACAA7wSJ4FiJKBAgAIAQAAAQABgACBAgAIAQAAAgACgBCBAwAIAQAAAQAUBZg="}
01727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1602860710012,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":995,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":995,"pkt_l4_len":961,"thread_ts_msec":1602860710012,"pkt":"AA7wSJ4FABwGCybtCABFAAPVAX8AAB4RFCrAqAELwKgBFMADiJQDwWYXBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAEAA\/\/\/\/\/8DaQAAAAAAAANVAAADVQAAA1UAAAAAAAADVQAIADwBAAAACfGlMMdfbUe2f4BzQ53qrf\/\/\/\/\/\/\/\/\/\/AADgQAAAAxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA8AQAAAQnxpTDHX21Htn+Ac0Od6q0AAAAAAAAAAQAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQAfADEAAAAACAA8AQAAAgnxpTDHX21Htn+Ac0Od6q0AAAAAAACAAAAAgFEAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhMAGAEAAADD1of+eJ4Doazb5b\/LvCe2AAAAAAAIADwBAAADCfGlMMdfbUe2f4BzQ53qrQAAAAAAAIAAAACAUgAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEQAkAQAAAMPWh\/54ngOhrNvlv8u8J7YAAAAAC21ycGRvbWFpbi0xAAgAPAEAAAQJ8aUwx19tR7Z\/gHNDneqtAAAAAAACAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABwdRAAAAAAAAAAAIADwBAAAFCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAgAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBgEA\/wAAAAAIADwBAAAGCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAwAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQEAAAAACAA8AQAABwnxpTDHX21Htn+Ac0Od6q0AAAAAAAMAAQAAAAEAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAHAVEAAAAAAAAAAAgAPAEAAAgJ8aUwx19tR7Z\/gHNDneqtAAAAAAADAAEAAAACAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEGAQD\/AAAAAAgAPAEAAAkJ8aUwx19tR7Z\/gHNDneqtAAAAAAAEAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABgQAAAAAAP8AAAAIADwBAAAKCfGlMMdfbUe2f4BzQ53qrQAAAAAABAABAAAAAgAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQE="}
01524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1602860710024,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":846,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":846,"pkt_l4_len":812,"thread_ts_msec":1602860710024,"pkt":"ABwGCybtAA7wSJ4FCABFAANAAAYAAB4RFjjAqAEUwKgBC8AJwAMDLC54BAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAEAAAADAP\/\/\/\/\/UAgAAAAAAAAAAwAIAAFUDAAAAAAAAwAIAAIAIADwBAAAACfGlMMdfbUe2f4BzQ53qrf\/\/\/\/\/\/\/\/\/\/AADgQAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACACAA8AQAAAQnxpTDHX21Htn+Ac0Od6q0AAAAAAAAAAQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAgAPAEAAAIJ8aUwx19tR7Z\/gHNDneqtAAAAAAAAgAAAAIBRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAIADwBAAADCfGlMMdfbUe2f4BzQ53qrQAAAAAAAIAAAACAUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACACAA8AQAABAnxpTDHX21Htn+Ac0Od6q0AAAAAAAIAAQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAgAPAEAAAUJ8aUwx19tR7Z\/gHNDneqtAAAAAAACAAEAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAIADwBAAAGCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACACAA8AQAABwnxpTDHX21Htn+Ac0Od6q0AAAAAAAMAAQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAgAPAEAAAgJ8aUwx19tR7Z\/gHNDneqtAAAAAAADAAEAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAIADwBAAAJCfGlMMdfbUe2f4BzQ53qrQAAAAAABAABAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACACAA8AQAACgnxpTDHX21Htn+Ac0Od6q0AAAAAAAQAAQAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710063,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710063,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1602860710063,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1602860710063,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAgAAB4RGNbAqAEUwKgBC8AKiJQAjEB6BAAgABAAAAAAAKDel2zREYJxAGQBDQAqAgCg3pds0RGCcQCgJELffYDI+0MAABAQgAAADvBIngUAAAAAAQAAAAAAAAAEAP\/\/\/\/80AAAAAACgAAAAIAAAAKAAAAAAAAAAIAAAAAESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAAAgAA"}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710063,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710063,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1602860710063,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1602860710063,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAgAAB4RGNbAqAEUwKgBC8AKiJQAjEB6BAAgABAAAAAAAKDel2zREYJxAGQBDQAqAgCg3pds0RGCcQCgJELffYDI+0MAABAQgAAADvBIngUAAAAAAQAAAAAAAAAEAP\/\/\/\/80AAAAAACgAAAAIAAAAKAAAAAAAAAAIAAAAAESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAAAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1602860710071,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1602860710071,"pkt":"AA7wSJ4FABwGCybtCABFAACgAYEAAB4RF13AqAELwKgBFMACwAoAjHUlBAIKAAAAAADeoAAAbJcR0YJxAGQBDQAq3qAAAmyXEdGCcQCgJELffUP7yIAAABAQgAAADvBIngUAJ7vVAAAAAQAAAAAABP\/\/\/\/8ANAAAAAAAAAAAAAAAIAAAAKAAAAAAAAAAIIESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1602860710071,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1602860710071,"pkt":"AA7wSJ4FABwGCybtCABFAACgAYEAAB4RF13AqAELwKgBFMACwAoAjHUlBAIKAAAAAADeoAAAbJcR0YJxAGQBDQAq3qAAAmyXEdGCcQCgJELffUP7yIAAABAQgAAADvBIngUAJ7vVAAAAAQAAAAAABP\/\/\/\/8ANAAAAAAAAAAAAAAAIAAAAKAAAAAAAAAAIIESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1602860709993,"flow_last_seen":1602860710062,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":804,"flow_tot_l4_payload_len":2212,"flow_avg_l4_payload_len":368,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1602860709979,"flow_last_seen":1602860710032,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":953,"flow_tot_l4_payload_len":3454,"flow_avg_l4_payload_len":575,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1602860709993,"flow_last_seen":1602860710062,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":804,"flow_tot_l4_payload_len":2212,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1602860709979,"flow_last_seen":1602860710032,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":953,"flow_tot_l4_payload_len":3454,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":6194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_msec":1602860710071}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 16/16
@@ -31,8 +31,8 @@
~~ total active/idle flows...: 4/4
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6006721 bytes
~~ total memory freed........: 6006721 bytes
~~ total memory allocated....: 6006753 bytes
~~ total memory freed........: 6006753 bytes
~~ total allocations/frees...: 120904/120904
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 462 chars


@@ -1,9 +1,9 @@
00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1268519154926}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1268519154926,"flow_last_seen":1268519154926,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1268519154926,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1268519154926,"flow_last_seen":1268519154926,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"midstream":0,"thread_ts_msec":1268519154926,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1268519154926,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1268519154926,"pkt":"\/\/\/\/\/\/\/\/AB8p2i15CABFAAFIfVQAAIAR+kDAqJto\/\/\/\/\/wBEAEMBNNQyAQEGAMl5uWAAAAAAwKgBaAAAAAAAAAAAAAAAAAAfKdoteQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1wAAAAAAAFMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZQAAAAAAAAAAAABjglNjNQFqPQcBAB8p2i15DAdNSzAzODYyPDFNU0ZUIDUuMDcMAQ8DBiwuLx8h+Sv8KwPcAQD\/AAAAACUAAAAA"}
00713{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1268519154926,"flow_last_seen":1268519154926,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1268519154926,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1268519154926,"flow_last_seen":1268519154926,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1268519154926,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00718{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1268519154926,"flow_last_seen":1268519154926,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"midstream":0,"thread_ts_msec":1268519154926,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1268519154926,"flow_last_seen":1268519154926,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"midstream":0,"thread_ts_msec":1268519154926,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":300,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1268519154926}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1
@@ -13,8 +13,8 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003078 bytes
~~ total memory freed........: 6003078 bytes
~~ total memory allocated....: 6003086 bytes
~~ total memory freed........: 6003086 bytes
~~ total allocations/frees...: 120876/120876
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 467 chars


@@ -1,11 +1,11 @@
00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"diameter.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1263278878271}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7580000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"thread_ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7580000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"midstream":1,"thread_ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00912{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1263278878271,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"thread_ts_msec":1263278878271,"pkt":"ABpk3ZWLACYYlIbACABFAAGABtlAAIAGAAAKyQn1CskJC8cNDxz34fq2+LwvkFAY+gQqBAAAAQABWIAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAAAAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAbhAAAAkAAABuUAAAAwAAAACAAABukAAAA1kYmlsbAAAAAAAAaBAAAAMAAAAAQAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7580000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"thread_ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7580000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"midstream":1,"thread_ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}}
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1263278878292,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_msec":1263278878292,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYlAAEAGe8kKyQkLCskJ9Q8cxw34vC+Q9+H8DlAYGSCUIQAAAQAA7EAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAQAAAZ9AAAAMAAAAAAAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
00933{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1263278878336,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"thread_ts_msec":1263278878336,"pkt":"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\/QAAAEAAAAAAAAAABAAABqUAAAAwAAAFk"}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_idle_time":7580000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":1,"thread_ts_msec":1263278878357,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_idle_time":7580000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":1656,"midstream":1,"thread_ts_msec":1263278878357,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}}
00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1263278878357}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 6/6
@@ -15,8 +15,8 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003251 bytes
~~ total memory freed........: 6003251 bytes
~~ total memory allocated....: 6003259 bytes
~~ total memory freed........: 6003259 bytes
~~ total allocations/frees...: 120882/120882
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 464 chars


@@ -1,12 +1,12 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"discord.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":42193,"flow_last_seen":42193,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":42193,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":42193,"flow_last_seen":42193,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":42193,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":42193,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":42193,"pkt":"UlQAEjUCCAAnW\/mGCABFAAA8+ptAAEAGEIkKAAIPop+A6adSAbuGXfMIAAAAAKAC+vDjjQAAAgQFtAQCCAqmenD7AAAAAAEDAwc="}
00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":42208,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":42208,"pkt":"CAAnW\/mGUlQAEjUCCABFAAAsAYYAAEAGSa+in4DpCgACDwG7p1IAKQQBhl3zCWAS\/\/9B4AAAAgQFtA=="}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":42209,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":42209,"pkt":"UlQAEjUCCAAnW\/mGCABFAADY+p1AAEAGD+sKAAIPop+A6adSAbuGXfMJACkEAlAY+vBAZwAAFgMBAKsBAACnAwPx8xjD5ySSyjBvN4nq\/yhxDwDcyJh8lqatQ2ebeRUbCgAAGMArwCzMqcAvwDDMqMATwBQAnACdAC8ANQEAAGb\/AQABAAAAABAADgAAC2Rpc2NvcmQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABg="}
00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":42193,"flow_last_seen":42209,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":42209,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00879{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":42193,"flow_last_seen":42225,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1628,"flow_avg_l4_payload_len":407,"midstream":0,"thread_ts_msec":42225,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
01294{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":42193,"flow_last_seen":42225,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2886,"flow_avg_l4_payload_len":577,"midstream":0,"thread_ts_msec":42225,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","server_names":"discord.com,sni.cloudflaressl.com,*.discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","alpn":"h2,http\/1.1","fingerprint":"31:3B:70:94:D5:DF:90:78:9C:A0:74:26:20:24:E4:3D:92:A7:57:9D"}}
00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":42193,"flow_last_seen":42247,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":3306,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":42247,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"}}
00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":42193,"flow_last_seen":42209,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"midstream":0,"thread_ts_msec":42209,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00884{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":42193,"flow_last_seen":42225,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1628,"midstream":0,"thread_ts_msec":42225,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
01299{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":42193,"flow_last_seen":42225,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2886,"midstream":0,"thread_ts_msec":42225,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","server_names":"discord.com,sni.cloudflaressl.com,*.discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","alpn":"h2,http\/1.1","fingerprint":"31:3B:70:94:D5:DF:90:78:9C:A0:74:26:20:24:E4:3D:92:A7:57:9D"}}
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":42193,"flow_last_seen":42247,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":3306,"midstream":0,"thread_ts_msec":42247,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"}}
00545{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"discord.pcap","alias":"nDPId-test","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":3306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":42247}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 7/7
@@ -16,10 +16,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6008232 bytes
~~ total memory freed........: 6008232 bytes
~~ total memory allocated....: 6008240 bytes
~~ total memory freed........: 6008240 bytes
~~ total allocations/frees...: 120892/120892
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 448 chars
~~ json string max len.......: 1299 chars
~~ json string avg len.......: 841 chars
~~ json string max len.......: 1304 chars
~~ json string avg len.......: 844 chars


@@ -1,60 +1,60 @@
00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnp3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1097501938503}
00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097501938503,"flow_last_seen":1097501938503,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097501938503,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097501938503,"flow_last_seen":1097501938503,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097501938503,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1097501938503,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1097501938503,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1097501938503,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097501938503,"flow_last_seen":1097501938504,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097501938504,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097501938503,"flow_last_seen":1097501938504,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"midstream":0,"thread_ts_msec":1097501938504,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1097502623045}
00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097502623045,"flow_last_seen":1097502623045,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097502623045,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097502623045,"flow_last_seen":1097502623045,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097502623045,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1097502623045,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1097502623045,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1097502623045,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097502623045,"flow_last_seen":1097502623047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097502623047,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097502623045,"flow_last_seen":1097502623047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"midstream":0,"thread_ts_msec":1097502623047,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":79,"packets-processed":78,"total-skipped-flows":0,"total-l4-payload-len":540,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1097504102255}
00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097504102255,"flow_last_seen":1097504102255,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097504102255,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097504102255,"flow_last_seen":1097504102255,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097504102255,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1097504102255,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1097504102255,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1097504102255,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097504102255,"flow_last_seen":1097504102257,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097504102257,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097502623045,"flow_last_seen":1097502648678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1097504103602,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097504102255,"flow_last_seen":1097504102257,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"midstream":0,"thread_ts_msec":1097504102257,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":18,"flow_first_seen":1097502623045,"flow_last_seen":1097502648678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"midstream":0,"thread_ts_msec":1097504103602,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-payload-len":3957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1097505644006}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097505644006,"flow_last_seen":1097505644006,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097505644006,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097505644006,"flow_last_seen":1097505644006,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097505644006,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1097505644006,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1097505644006,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1097505644006,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097505644006,"flow_last_seen":1097505719035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097505719035,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1097505644006,"flow_last_seen":1097505719035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"midstream":0,"thread_ts_msec":1097505719035,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":352,"packets-processed":351,"total-skipped-flows":0,"total-l4-payload-len":5682,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1097507785883}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097507785883,"flow_last_seen":1097507785883,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097507785883,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097507785883,"flow_last_seen":1097507785883,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097507785883,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1097507785883,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1097507785883,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1097507785883,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097507785883,"flow_last_seen":1097507785885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097507785885,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097507785883,"flow_last_seen":1097507785885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"midstream":0,"thread_ts_msec":1097507785885,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":445,"packets-processed":444,"total-skipped-flows":0,"total-l4-payload-len":7101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":5,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_msec":1097510947092}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097510947092,"flow_last_seen":1097510947092,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097510947092,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097510947092,"flow_last_seen":1097510947092,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097510947092,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1097510947092,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1097510947092,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1097510947092,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097510947092,"flow_last_seen":1097510947094,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097510947094,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1097510950374,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097510947092,"flow_last_seen":1097510947094,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"midstream":0,"thread_ts_msec":1097510947094,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":15,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":345,"midstream":0,"thread_ts_msec":1097510950374,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":472,"packets-processed":471,"total-skipped-flows":0,"total-l4-payload-len":7296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1097512255234}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097512255234,"flow_last_seen":1097512255234,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097512255234,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097512255234,"flow_last_seen":1097512255234,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097512255234,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1097512255234,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1097512255234,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1097512255234,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097512255234,"flow_last_seen":1097512255236,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097512255236,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":496,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":138,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":3417,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1097512264841,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097512255234,"flow_last_seen":1097512255236,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"midstream":0,"thread_ts_msec":1097512255236,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":496,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":78,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":3417,"midstream":0,"thread_ts_msec":1097512264841,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":505,"packets-processed":504,"total-skipped-flows":0,"total-l4-payload-len":7593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":7,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_msec":1097513177295}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097513177295,"flow_last_seen":1097513177295,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097513177295,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097513177295,"flow_last_seen":1097513177295,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097513177295,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1097513177295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1097513177295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1097513177295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097513177295,"flow_last_seen":1097513177297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097513177297,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":135,"flow_first_seen":1097505644006,"flow_last_seen":1097506028601,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097513177295,"flow_last_seen":1097513185107,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":93,"flow_first_seen":1097507785883,"flow_last_seen":1097507856257,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1419,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1097510947092,"flow_last_seen":1097510959487,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1097512255234,"flow_last_seen":1097512267645,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097513177295,"flow_last_seen":1097513177297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"midstream":0,"thread_ts_msec":1097513177297,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":72,"flow_dst_packets_processed":63,"flow_first_seen":1097505644006,"flow_last_seen":1097506028601,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1725,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":18,"flow_first_seen":1097513177295,"flow_last_seen":1097513185107,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":57,"flow_dst_packets_processed":36,"flow_first_seen":1097507785883,"flow_last_seen":1097507856257,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1419,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1097510947092,"flow_last_seen":1097510959487,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":12,"flow_first_seen":1097512255234,"flow_last_seen":1097512267645,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":297,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":543,"packets-processed":543,"total-skipped-flows":0,"total-l4-payload-len":7788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_msec":1097513185107}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 543/543
@@ -64,10 +64,10 @@
~~ total active/idle flows...: 8/8
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6028740 bytes
~~ total memory freed........: 6028740 bytes
~~ total memory allocated....: 6028804 bytes
~~ total memory freed........: 6028804 bytes
~~ total allocations/frees...: 121464/121464
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 460 chars
~~ json string max len.......: 678 chars
~~ json string avg len.......: 568 chars
~~ json string max len.......: 684 chars
~~ json string avg len.......: 571 chars


@@ -1,11 +1,11 @@
00468{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946734886956}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946734886956,"flow_last_seen":946734886956,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":946734886956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946734886956,"flow_last_seen":946734886956,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":946734886956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946734886956,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":946734886956,"pkt":"AAAAAAAAAAAAAAAACABFAABMyRJAAEARc4x\/AAABfwAAAYyMADUAOP5Ln2wBAAABAAAAAAAAA3d3dxdhbGx5b3VyYmEEBQZhcmViZWxvbmd0bwJjbgAAAQAB"}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946734886956,"flow_last_seen":946734886956,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":946734886956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.allyourba???arebelongto.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946734886956,"flow_last_seen":946734886956,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":946734886956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.allyourba???arebelongto.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946734886957,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":946734886957,"pkt":"AAAAAAAAAAAAAAAACABFAABcAABAAEARPI9\/AAABfwAAAQA1jIwASP5bn2yBgAABAAEAAAAAA3d3dxdhbGx5b3VyYmFzZXNhcmUBAgNvbmd0bwJjbgAAAQABwAwAAQABAAAAPAAEE7mN8Q=="}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946734886956,"flow_last_seen":946734886957,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":946734886957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.allyourbasesare???ongto.cn","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"19.185.141.241"}}
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946734886956,"flow_last_seen":946734886957,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":946734886957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946734886956,"flow_last_seen":946734886957,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"midstream":0,"thread_ts_msec":946734886957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.allyourbasesare???ongto.cn","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"19.185.141.241"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946734886956,"flow_last_seen":946734886957,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"midstream":0,"thread_ts_msec":946734886957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":946734886957}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2/2
@@ -15,10 +15,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003135 bytes
~~ total memory freed........: 6003135 bytes
~~ total memory allocated....: 6003143 bytes
~~ total memory freed........: 6003143 bytes
~~ total allocations/frees...: 120878/120878
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 473 chars
~~ json string max len.......: 802 chars
~~ json string avg len.......: 631 chars
~~ json string max len.......: 808 chars
~~ json string avg len.......: 634 chars


@@ -1,12 +1,12 @@
00468{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1282356640051}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1282356640051,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1282356640051,"pkt":"CAAnx266CAAnnOC0CABFAABEAABAAEARIngKAAIeCgACFK5fADUAMAHkErABAAABAAAAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAQ=="}
00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1282356640051,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1282356640051,"pkt":"CAAnnOC0CAAnx266CABFAABZAABAAEARImMKAAIUCgACHgA1rl8ARRoeErCEAAABAAEAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAcAMAAoAAQAAAAAACVZBQ0tEA8XpAQ=="}
00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":101,"midstream":0,"thread_ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1282356640051,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1282356640051,"pkt":"CAAnx266CAAnnOC0CABFAABZAABAAEARImMKAAIeCgACFK5fADUARcobMN8BAAABAAAAAAAAIGxhZWdwdW1pcGxoaHB6MTJ5bmQxZWZsandsa2pjZ3d5BnBpcmF0ZQNzZWEAAAoAAQ=="}
00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":434,"flow_first_seen":1282356640051,"flow_last_seen":1282356664538,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1470,"flow_tot_l4_payload_len":52024,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1282356664538,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":222,"flow_dst_packets_processed":212,"flow_first_seen":1282356640051,"flow_last_seen":1282356664538,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1470,"flow_tot_l4_payload_len":52024,"midstream":0,"thread_ts_msec":1282356664538,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","packets-captured":438,"packets-processed":434,"total-skipped-flows":0,"total-l4-payload-len":52024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1282356664538}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 438/434
@@ -16,10 +16,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6015688 bytes
~~ total memory freed........: 6015688 bytes
~~ total memory allocated....: 6015696 bytes
~~ total memory freed........: 6015696 bytes
~~ total allocations/frees...: 121311/121311
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 473 chars
~~ json string max len.......: 919 chars
~~ json string avg len.......: 689 chars
~~ json string max len.......: 925 chars
~~ json string avg len.......: 692 chars


@@ -1,65 +1,65 @@
00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1625744123717}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123717,"flow_last_seen":1625744123717,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1625744123717,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123717,"flow_last_seen":1625744123717,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"midstream":0,"thread_ts_msec":1625744123717,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625744123717,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1625744123717,"pkt":"ABshv2HAVASmitEsCABFAABS3sIAAEARfvYKyAILCAgICLz3ADUAPh0yZjEBIAABAAAAAAABCjQxLWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAQAAKRAAAAAAAAAA"}
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123717,"flow_last_seen":1625744123717,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1625744123717,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"41-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123717,"flow_last_seen":1625744123717,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"midstream":0,"thread_ts_msec":1625744123717,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"41-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1625744123759,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_msec":1625744123759,"pkt":"VASmitEsEL9IThY0CABFAAEwD4cAADwRUVQICAgICsgCCwA1vPcBHJeKZjGBgAABAAoAAAABCjQxLWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAcAMAAUAAQAAJNcAJgI0MRJjb3VyaWVyLXB1c2gtYXBwbGUDY29tBmFrYWRucwNuZXQAwDcABQABAAAAOwAgEmV1LW5vcnRoLWNvdXJpZXItNApwdXNoLWFwcGxlwE3AaQABAAEAAAARAAQROZKLwGkAAQABAAAAEQAEETmSisBpAAEAAQAAABEABBE5kofAaQABAAEAAAARAAQROZKIwGkAAQABAAAAEQAEETmSicBpAAEAAQAAABEABBE5koTAaQABAAEAAAARAAQROZKGwGkAAQABAAAAEQAEETmShQAAKQIAAAAAAAAA"}
00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123717,"flow_last_seen":1625744123759,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1625744123759,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"41-courier.push.apple.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.146.139"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123764,"flow_last_seen":1625744123764,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1625744123764,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00812{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123717,"flow_last_seen":1625744123759,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":330,"midstream":0,"thread_ts_msec":1625744123759,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"41-courier.push.apple.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.146.139"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123764,"flow_last_seen":1625744123764,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"midstream":0,"thread_ts_msec":1625744123764,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1625744123764,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1625744123764,"pkt":"ABshv2HAVASmitEsCABFAABI3soAAEARfvgKyAILCAgICN\/KADUANB0owxkBIAABAAAAAAABBXRlYW1zBXNreXBlA2NvbQAAAQABAAApEAAAAAAAAAA="}
00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123764,"flow_last_seen":1625744123764,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1625744123764,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"teams.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123764,"flow_last_seen":1625744123764,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"midstream":0,"thread_ts_msec":1625744123764,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"teams.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1625744123792,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_msec":1625744123792,"pkt":"VASmitEsEL9IThY0CABFAAB5Cy0AADwRVmUICAgICsgCCwA138oAZUD8wxmBgAABAAIAAAABBXRlYW1zBXNreXBlA2NvbQAAAQABwAwABQABAAAIAwAVBnMtMDAwMQhzLW1zZWRnZQNuZXQAwC0AAQABAAAAqAAEDWsDgAAAKQIAAAAAAAAA"}
00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123764,"flow_last_seen":1625744123792,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1625744123792,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"teams.skype.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.3.128"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123796,"flow_last_seen":1625744123796,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1625744123796,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123764,"flow_last_seen":1625744123792,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":137,"midstream":0,"thread_ts_msec":1625744123792,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"teams.skype.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.3.128"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123796,"flow_last_seen":1625744123796,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":1625744123796,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1625744123796,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1625744123796,"pkt":"ABshv2HAVASmitEsCABFAABM3uAAAEARft4KyAILCAgICN7bADUAOB0s27sBIAABAAAAAAABA2FwaQV0ZWFtcwVza3lwZQNjb20AAAEAAQAAKRAAAAAAAAAA"}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123796,"flow_last_seen":1625744123796,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1625744123796,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.teams.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123796,"flow_last_seen":1625744123796,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":1625744123796,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.teams.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1625744123823,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1625744123823,"pkt":"VASmitEsEL9IThY0CABFAADPnR4AADwRxB0ICAgICsgCCwA13tsAu9ue27uBgAABAAQAAAABA2FwaQV0ZWFtcwVza3lwZQNjb20AAAEAAcAMAAUAAQAADJMAHgl0ZWFtcy1hZmQOdHJhZmZpY21hbmFnZXIDbmV0AMAxAAUAAQAAAOwALxx0ZWFtcy1hZmQtdHJhZmZpY21hbmFnZXItbmV0BnMtMDAwNAhzLW1zZWRnZcBKwFsABQABAAAAjQACwHjAeAABAAEAAACNAAQ0ccKDAAApAgAAAAAAAAA="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123796,"flow_last_seen":1625744123823,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1625744123823,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.teams.skype.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.113.194.131"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123828,"flow_last_seen":1625744123828,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1625744123828,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123796,"flow_last_seen":1625744123823,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":227,"midstream":0,"thread_ts_msec":1625744123823,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.teams.skype.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.113.194.131"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123828,"flow_last_seen":1625744123828,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"midstream":0,"thread_ts_msec":1625744123828,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1625744123828,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1625744123828,"pkt":"ABshv2HAVASmitEsCABFAABO3ucAAEARftUKyAILCAgICLQ2ADUAOh0u7g0BIAABAAAAAAABCmFsdDItbXRhbGsGZ29vZ2xlA2NvbQAAAQABAAApEAAAAAAAAAA="}
00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123828,"flow_last_seen":1625744123828,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1625744123828,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"alt2-mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123828,"flow_last_seen":1625744123828,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"midstream":0,"thread_ts_msec":1625744123828,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"alt2-mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1625744123853,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1625744123853,"pkt":"VASmitEsEL9IThY0CABFAACB5h8AADwRe2oICAgICsgCCwA1tDYAbSCd7g2BgAABAAIAAAABCmFsdDItbXRhbGsGZ29vZ2xlA2NvbQAAAQABwAwABQABAABUXwAXBGFsdDINbW9iaWxlLWd0YWxrNAFswBfAMwABAAEAAAErAAStwsq8AAApAgAAAAAAAAA="}
00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123828,"flow_last_seen":1625744123853,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1625744123853,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"alt2-mtalk.google.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.202.188"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123858,"flow_last_seen":1625744123858,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1625744123858,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00812{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123828,"flow_last_seen":1625744123853,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":151,"midstream":0,"thread_ts_msec":1625744123853,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"alt2-mtalk.google.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.202.188"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123858,"flow_last_seen":1625744123858,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"midstream":0,"thread_ts_msec":1625744123858,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1625744123858,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1625744123858,"pkt":"ABshv2HAVASmitEsCABFAABT3wQAAEARfrMKyAILCAgICOEgADUAPx0zyVMBIAABAAAAAAABB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAEAACkQAAAAAAAAAA=="}
00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123858,"flow_last_seen":1625744123858,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1625744123858,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123858,"flow_last_seen":1625744123858,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"midstream":0,"thread_ts_msec":1625744123858,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1625744123885,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":377,"pkt_l4_len":343,"thread_ts_msec":1625744123885,"pkt":"VASmitEsEL9IThY0CABFAAFrZGIAADwR\/D0ICAgICsgCCwA14SABV21MyVOBgAABABEAAAABB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAHADAAFAAEAAAECAAwHYW5kcm9pZAFswBzAOAABAAEAAAECAARssQ5lwDgAAQABAAABAgAEbLEOccA4AAEAAQAAAQIABEp9g2XAOAABAAEAAAECAARKfYNxwDgAAQABAAABAgAESn2DZsA4AAEAAQAAAQIABEp9g2TAOAABAAEAAAECAARKfYOKwDgAAQABAAABAgAESn2Di8A4AAEAAQAAAQIABEp9zWXAOAABAAEAAAECAARKfc2LwDgAAQABAAABAgAESn3NZMA4AAEAAQAAAQIABEDpoWbAOAABAAEAAAECAARA6aFlwDgAAQABAAABAgAEQOmhisA4AAEAAQAAAQIABEDppIrAOAABAAEAAAECAARA6aRkAAApAgAAAAAAAAA="}
00813{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123858,"flow_last_seen":1625744123885,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1625744123885,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":18,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.177.14.101"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123890,"flow_last_seen":1625744123890,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1625744123890,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00818{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123858,"flow_last_seen":1625744123885,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":390,"midstream":0,"thread_ts_msec":1625744123885,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":18,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.177.14.101"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123890,"flow_last_seen":1625744123890,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"midstream":0,"thread_ts_msec":1625744123890,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1625744123890,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1625744123890,"pkt":"ABshv2HAVASmitEsCABFAABO3wwAAEARfrAKyAILCAgICKcmADUAOh0utWIBIAABAAAAAAABASoFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABAAApEAAAAAAAAAA="}
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123890,"flow_last_seen":1625744123890,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1625744123890,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"_.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123890,"flow_last_seen":1625744123890,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"midstream":0,"thread_ts_msec":1625744123890,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"_.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1625744123973,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1625744123973,"pkt":"VASmitEsEL9IThY0CABFAACY7gkAADwRc2kICAgICsgCCwA1pyYAhI+OtWKBgwABAAAAAQABASoFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABwBQABgABAAABKwA+B25zMS0yMDUJYXp1cmUtZG5zwB4TYXp1cmVkbnMtaG9zdG1hc3RlcsAUAAAAAQAADhAAAAEsACTqAAAAASwAACkCAAAAAAAAAA=="}
00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123890,"flow_last_seen":1625744123973,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1625744123973,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"_.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123977,"flow_last_seen":1625744123977,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1625744123977,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123890,"flow_last_seen":1625744123973,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":174,"midstream":0,"thread_ts_msec":1625744123973,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"_.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123977,"flow_last_seen":1625744123977,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"midstream":0,"thread_ts_msec":1625744123977,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1625744123977,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1625744123977,"pkt":"ABshv2HAVASmitEsCABFAABS3y4AAEARfooKyAILCAgICKymADUAPh0yDWEBIAABAAAAAAABDHdpZGUteW91dHViZQFsBmdvb2dsZQNjb20AAAEAAQAAKRAAAAAAAAAA"}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123977,"flow_last_seen":1625744123977,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1625744123977,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"wide-youtube.l.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123977,"flow_last_seen":1625744123977,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"midstream":0,"thread_ts_msec":1625744123977,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"wide-youtube.l.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1625744124006,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1625744124006,"pkt":"VASmitEsEL9IThY0CABFAABiUocAADwRDyIICAgICsgCCwA1rKYATu57DWGBgAABAAEAAAABDHdpZGUteW91dHViZQFsBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAASsABEDppMYAACkCAAAAAAAAAA=="}
00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123977,"flow_last_seen":1625744124006,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1625744124006,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"wide-youtube.l.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"64.233.164.198"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124010,"flow_last_seen":1625744124010,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1625744124010,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123977,"flow_last_seen":1625744124006,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":124,"midstream":0,"thread_ts_msec":1625744124006,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"wide-youtube.l.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"64.233.164.198"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744124010,"flow_last_seen":1625744124010,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"midstream":0,"thread_ts_msec":1625744124010,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1625744124010,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1625744124010,"pkt":"ABshv2HAVASmitEsCABFAABK30QAAEARfnwKyAILCAgICM09ADUANh0qX5cBIAABAAAAAAABB2d1enpvbmkFYXBwbGUDY29tAAABAAEAACkQAAAAAAAAAA=="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124010,"flow_last_seen":1625744124010,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1625744124010,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"guzzoni.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744124010,"flow_last_seen":1625744124010,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"midstream":0,"thread_ts_msec":1625744124010,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"guzzoni.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1625744124069,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1625744124069,"pkt":"VASmitEsEL9IThY0CABFAACEUooAADwRDv0ICAgICsgCCwA1zT0AcK3sX5eBgAABAAIAAAABB2d1enpvbmkFYXBwbGUDY29tAAABAAHADAAFAAEAAAK5AB4RZ3V6em9uaS1hcHBsZS1jb20BdgdhYXBsaW1nwBrALwABAAEAAAErAAQRghUFAAApAgAAAAAAAAA="}
00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744124010,"flow_last_seen":1625744124069,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1625744124069,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"guzzoni.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.130.21.5"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124073,"flow_last_seen":1625744124073,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1625744124073,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00810{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744124010,"flow_last_seen":1625744124069,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":150,"midstream":0,"thread_ts_msec":1625744124069,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"guzzoni.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.130.21.5"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744124073,"flow_last_seen":1625744124073,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":1625744124073,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1625744124073,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1625744124073,"pkt":"ABshv2HAVASmitEsCABFAABM31QAAEARfmoKyAILCAgICNK\/ADUAOB0sVeABIAABAAAAAAABBXNob3J0BndlaXhpbgJxcQNjb20AAAEAAQAAKRAAAAAAAAAA"}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124073,"flow_last_seen":1625744124073,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1625744124073,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"short.weixin.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744124073,"flow_last_seen":1625744124073,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":1625744124073,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"short.weixin.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1625744124417,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_msec":1625744124417,"pkt":"VASmitEsEL9IThY0CABFAABsvHUAADwRpSkICAgICsgCCwA10r8AWILaVeCBgAABAAIAAAABBXNob3J0BndlaXhpbgJxcQNjb20AAAEAAcAMAAEAAQAAAlcABMvN\/k3ADAABAAEAAAJXAATLzf7cAAApAgAAAAAAAAA="}
00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744124073,"flow_last_seen":1625744124417,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1625744124417,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"short.weixin.qq.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.254.77"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124422,"flow_last_seen":1625744124422,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1625744124422,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744124073,"flow_last_seen":1625744124417,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1625744124417,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"short.weixin.qq.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.254.77"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744124422,"flow_last_seen":1625744124422,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"midstream":0,"thread_ts_msec":1625744124422,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1625744124422,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1625744124422,"pkt":"ABshv2HAVASmitEsCABFAABY4G8AAEARfUMKyAILCAgICK9TADUARB047MoBIAABAAAAAAABCWluc3RhZ3JhbQdmYWFlMS0xA2ZuYQVmYmNkbgNuZXQAAAEAAQAAKRAAAAAAAAAA"}
00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124422,"flow_last_seen":1625744124422,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1625744124422,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"instagram.faae1-1.fna.fbcdn.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744124422,"flow_last_seen":1625744124422,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"midstream":0,"thread_ts_msec":1625744124422,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"instagram.faae1-1.fna.fbcdn.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1625744124461,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1625744124461,"pkt":"VASmitEsEL9IThY0CABFAABo+pEAADwRZxEICAgICsgCCwA1r1MAVN6x7MqBgAABAAEAAAABCWluc3RhZ3JhbQdmYWFlMS0xA2ZuYQVmYmNkbgNuZXQAAAEAAcAMAAEAAQAAADsABCncnmAAACkCAAAAAAAAAA=="}
00813{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744124422,"flow_last_seen":1625744124461,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"instagram.faae1-1.fna.fbcdn.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"41.220.158.96"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123764,"flow_last_seen":1625744123792,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123858,"flow_last_seen":1625744123885,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744124073,"flow_last_seen":1625744124417,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123828,"flow_last_seen":1625744123853,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123977,"flow_last_seen":1625744124006,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123717,"flow_last_seen":1625744123759,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744124010,"flow_last_seen":1625744124069,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123796,"flow_last_seen":1625744123823,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123890,"flow_last_seen":1625744123973,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744124422,"flow_last_seen":1625744124461,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00819{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744124422,"flow_last_seen":1625744124461,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":136,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"instagram.faae1-1.fna.fbcdn.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"41.220.158.96"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123764,"flow_last_seen":1625744123792,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":137,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123858,"flow_last_seen":1625744123885,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":390,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744124073,"flow_last_seen":1625744124417,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123828,"flow_last_seen":1625744123853,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":151,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123977,"flow_last_seen":1625744124006,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":124,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123717,"flow_last_seen":1625744123759,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":330,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744124010,"flow_last_seen":1625744124069,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":150,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123796,"flow_last_seen":1625744123823,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":227,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123890,"flow_last_seen":1625744123973,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":174,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744124422,"flow_last_seen":1625744124461,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":136,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_msec":1625744124461}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 20/20
@@ -69,8 +69,8 @@
~~ total active/idle flows...: 10/10
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6013214 bytes
~~ total memory freed........: 6013214 bytes
~~ total memory allocated....: 6013294 bytes
~~ total memory freed........: 6013294 bytes
~~ total allocations/frees...: 120933/120933
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 475 chars


@@ -1,12 +1,12 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1571089200789}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1571089200789,"flow_last_seen":1571089200789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1571089200789,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1571089200789,"flow_last_seen":1571089200789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1571089200789,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1571089200789,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1571089200789,"pkt":"WkBO7NFkeDHBvV4kCABFAABAAABAAEAGI5asFAoEaBD4+cLVAbuk7FgiAAAAALAC\/\/+OlwAAAgQFtAEDAwYBAQgKHZWyDQAAAAAEAgAA"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1571089200876,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1571089200876,"pkt":"eDHBvV4kWkBO7NFkCABFAAA0AAAAADAGc6JoEPj5rBQKBAG7wtXKYdwupOxYI4ASchB+OgAAAgQFFAEBBAIBAwMK"}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1571089200876,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1571089200876,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FgjymHcL1AQEAAggAAA"}
00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1571089200789,"flow_last_seen":1571089200878,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1571089200878,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00953{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1571089200789,"flow_last_seen":1571089200968,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1571089200968,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1571089200789,"flow_last_seen":1571089204031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":12658,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1571089204031,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1571089200789,"flow_last_seen":1571089200878,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1571089200878,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00958{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1571089200789,"flow_last_seen":1571089200968,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1817,"midstream":0,"thread_ts_msec":1571089200968,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":86,"flow_dst_packets_processed":56,"flow_first_seen":1571089200789,"flow_last_seen":1571089204031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":12658,"midstream":0,"thread_ts_msec":1571089204031,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","packets-captured":142,"packets-processed":142,"total-skipped-flows":0,"total-l4-payload-len":12658,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1571089204031}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 142/142
@@ -16,10 +16,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6009285 bytes
~~ total memory freed........: 6009285 bytes
~~ total memory allocated....: 6009293 bytes
~~ total memory freed........: 6009293 bytes
~~ total allocations/frees...: 121021/121021
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 453 chars
~~ json string max len.......: 958 chars
~~ json string avg len.......: 691 chars
~~ json string max len.......: 963 chars
~~ json string avg len.......: 694 chars


@@ -1,12 +1,12 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_dot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1572783663234}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1572783663234,"flow_last_seen":1572783663234,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1572783663234,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1572783663234,"flow_last_seen":1572783663234,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1572783663234,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1572783663234,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572783663234,"pkt":"uCfrK5DxCAAnjau+CABFAAA8w6dAAEAGpKPAqAG5CAgICOOyA1VVRPv3AAAAAKAC+vDSnwAAAgQFtAQCCAoqL5UTAAAAAAEDAwc="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1572783663269,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572783663269,"pkt":"CAAnjau+uCfrK5DxCABFAAA8cqUAAHcG\/qUICAgIwKgBuQNV47LuO0vYVUT7+KAS6yDKxQAAAgQFZAQCCAqOOwAQKi+VEwEDAwg="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1572783663269,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1572783663269,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w6hAAEAGpKrAqAG5CAgICOOyA1VVRPv47jtL2YAQAfbSlwAAAQEICiovlTaOOwAQ"}
01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1572783663234,"flow_last_seen":1572783663269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1572783663269,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01630{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1572783663234,"flow_last_seen":1572783663319,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":3267,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":1572783663319,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"2b341b88c742e940cfb485ce7d93dde7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}}
01043{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1572783663234,"flow_last_seen":1572783666246,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":4269,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1572783666246,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
01174{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1572783663234,"flow_last_seen":1572783663269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"midstream":0,"thread_ts_msec":1572783663269,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01635{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1572783663234,"flow_last_seen":1572783663319,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":3267,"midstream":0,"thread_ts_msec":1572783663319,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"2b341b88c742e940cfb485ce7d93dde7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}}
01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1572783663234,"flow_last_seen":1572783666246,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":4269,"midstream":0,"thread_ts_msec":1572783666246,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":4269,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1572783666246}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 24/24
@@ -16,10 +16,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6010059 bytes
~~ total memory freed........: 6010059 bytes
~~ total memory allocated....: 6010067 bytes
~~ total memory freed........: 6010067 bytes
~~ total allocations/frees...: 120917/120917
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 463 chars
~~ json string max len.......: 1635 chars
~~ json string avg len.......: 1000 chars
~~ json string max len.......: 1640 chars
~~ json string avg len.......: 1002 chars


@@ -1,12 +1,12 @@
00467{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_exfiltration.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1580978146717}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1580978146717,"flow_last_seen":1580978146717,"flow_idle_time":200000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1580978146717,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1580978146717,"flow_last_seen":1580978146717,"flow_idle_time":200000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"midstream":0,"thread_ts_msec":1580978146717,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1580978146717,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1580978146717,"pkt":"qqru7hERjNzURr7ECABFAADJegRAAD8RAADAqNw4wKjLp9w1ADUAtSn4OR0BAAABAAAAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAE="}
00979{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1580978146717,"flow_last_seen":1580978146717,"flow_idle_time":200000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1580978146717,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00984{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1580978146717,"flow_last_seen":1580978146717,"flow_idle_time":200000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"midstream":0,"thread_ts_msec":1580978146717,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00904{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1580978146888,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1580978146888,"pkt":"jNzURr7Eqqru7hERCABFAAF0PC1AAD8R1RrAqMunwKjcOAA13DUBYD3xOR2BgAABAAEAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAHADAAPAAEAAAA8AJ8ACgZkbnNjYXQ\/MjAxZjAzZjUwMDAwMDAwMDAwNzEzYjkyNzFmMDExZGM3NjQyM2RhYjM5MmMzMmMxOGJmYzk2YjZkMjY5NWEyPzZhOTExYzk0NDcyZjU5NDA5YTVmNTI2MDEzZTc2MDE5MzY2YTA3NzkyOWUzNDgwZmJlNmQ3YzRlZGE2ZjkwOBRmMmJjOTlhNjAxZTFhODIyMTMzNgA="}
01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1580978146717,"flow_last_seen":1580978146888,"flow_idle_time":200000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1580978146888,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
01102{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1580978146717,"flow_last_seen":1580978146888,"flow_idle_time":200000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1580978146888,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1580978147753,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1580978147753,"pkt":"qqru7hERjNzURr7ECABFAACYekZAAD8RAADAqNw4wKjLp9w1ADUAhCnHfRoBAAABAAAAAAAABmRuc2NhdDw5MWYwMDNmNTAwZjYxMjIxODEwYWVhMDAwMDA0ODYzYzY5MTU4MGVjYWQ2NmY2NGFjN2RkYjg3Yjg5YzcmOTIwMDgyMWU1MjdkNGUxNzYzMjUzYzI1ZTI5N2UyYWE0MTEzZDAAAAUAAQ=="}
00936{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":300,"flow_first_seen":1580978146717,"flow_last_seen":1580978206707,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":60945,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1580978206707,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":150,"flow_dst_packets_processed":150,"flow_first_seen":1580978146717,"flow_last_seen":1580978206707,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":60945,"midstream":0,"thread_ts_msec":1580978206707,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","packets-captured":300,"packets-processed":300,"total-skipped-flows":0,"total-l4-payload-len":60945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1580978206707}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 300/300
@@ -16,10 +16,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6011891 bytes
~~ total memory freed........: 6011891 bytes
~~ total memory allocated....: 6011899 bytes
~~ total memory freed........: 6011899 bytes
~~ total allocations/frees...: 121178/121178
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 472 chars
~~ json string max len.......: 1102 chars
~~ json string avg len.......: 779 chars
~~ json string max len.......: 1107 chars
~~ json string avg len.......: 781 chars


@@ -1,150 +1,150 @@
00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_fragmented.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1558968008021}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1558968008021,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1558968008021,"pkt":"AAwpil3XAIac51UUCABFAABE5WoAAG8R7BGs2ShMwRjj7t1oADUAMAwz1D8AEAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAAAA=="}
00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1558968008021,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1558968008021,"pkt":"AIac51UUAAwpil3XCABFAAXc0P4gAEARCebBGOPurNkoTAA13WgGrrRj1D+EEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwAMAABAAAAPAEIAQADCgMBAAHQVNwo8VCsO0nmM2u3Mcqv14N851ULDM7hf1Hi2ooDrm7SR4cYS\/ptdvSMUJEyqPCUSF3Clw\/mlYs7YppfPvATwlxTT37RaXRQswUTRh4\/3GtYPxZXJOr+Wr2nwf4Rqm1imNixBim+ZLWFho\/CQdJqyhqg2VT8ongtHWFb9Nojmjr1IXZe0LYFcm0d1eoB5YaBtAcRvhm41KfjcjwpW7jDiMH5W1RgefeOj8kBkIJxjV9i9TB7pjmmAvw91J8s0GTTJqo\/ORsAzT8BHg3y6usJtQVH8ezMMHBFbjtgdGJlMoj4kn1KBk8Jtj9ZxjTIZWIo922PVb8sQqj0JytLOU69wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALbZYZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJwg
txE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="}
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_msec":1558968008021}
00631{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"thread_ts_msec":1558968008021,"pkt":"AIac51UUAAwpil3XCABFAAD60P4AuUARLg\/BGOPurNkoTJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1558968010233,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"midstream":0,"thread_ts_msec":1558968010233,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1558968010233,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":120,"pkt_l4_len":66,"thread_ts_msec":1558968010233,"pkt":"AAwpil3XAIac51UUht1gArj8AEIRayoAFFBAEwwDAAAAAAAAAQogAQRwdlsAAAAAAAAKJQBTtWEANQBC7JLpxAAQAAEAAAAAAAECcGEId2ViZXJsYWICZGUAABwAAQAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"}
00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1558968010233,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"midstream":0,"thread_ts_msec":1558968010233,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1558968010234,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"thread_ts_msec":1558968010234,"pkt":"AIac51UUAAwpil3Xht1gB4f9BbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAAAShAPAsANbVhBeUUjunEhBAAAQACAAMACQJwYQh3ZWJlcmxhYgJkZQAAHAABwAwAHAABAAAAPAAQIAEEcB8LECQAAAAAAAAAAsAMAC4AAQAAADwBHwAcCgMAAAA8XQZZ\/FzevuyQRwh3ZWJlcmxhYgJkZQC1pnXN9aJB47xcEl0t+RyJPr\/p+1OSRyBEPleyPVcVG13SY1au\/jvJTdnRA4lySA7r3bi4LlJCEattffR4fjevK4f+NrGd0s5mJ+PRg85+C1QnHQmbvL9v+MI2zPL2z8n5PSX3Yf1y4VNvPCJ7YmzWzkyABQys7VcUh58r0Vf2MDfcX+p\/oqdfN5wH3piEMrifXVk3S1jvEgqm3k\/0jIc5bfsXYFPDiziLSsKruSCkr5Ydv6DPypeAQh8lSdezjVxYVAOnbrtC88Q7QQ04+1dWXmZGW9cG+PBKFrFDsPDKsCvsJ0ggc3+bJXpyZZ0SaqfH4Zgi8NjO\/iMCsrSxLkS9wFoAAgABAAAAPAAPA25zMgh3ZWJlcmRuc8BjwFoAAgABAAAAPAAGA25zMcF3wFoALgABAAAAPAEfAAIKAgAAADxdCgDsXOJvNZBHCHdlYmVybGFiAmRlAHSoxNqqAKym4hw9iI9\/cGB9AOyri1gZ9PRCVa3kokohNFwwgJZHh\/GYLEe5aVQ16NDPaZsaEDNFKVzAqyIPhTpD66im4JiAdIma3+zQ6MM9+50XgE4zD34pXPziEN3\/hpyx0OsRaMDdi+fLJ+VSFGsK+dEf7olAlTzREwS8gAhMxbir6bK5GyMP0HpB+N56qoJQqvHlvC11N4HQ1PiAfHGM\/e0cnoTP4HtNoJs4zlO01ipMUjuZ2yl3aHqydGgSm9jswrVneievkN6cP9\/osHneUEe3pq+Na767DBQ6GotyiL0ifYjqRt+tp11FZgz+RwhCI599k5mxFSecocr80szBjgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwXMAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8GOAAEAAQAADhAABMEY4+7BcwABAAEAAA4QAATC9wUOwY4ALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALFKzqMjh9BzTzk7te1fsFGook8hWPtH0Dh2qeLmkPiC00JY45Dj2PARXv44katX35tAeXg4ix8QZs+c1GIcPatTaDXZe6J7CgZjoERP+ecNOmJ3vNLtj8s3UGq5X1b66ao4qdZN6E8DXjYpPWxeaD+6KZd7ytQjBmRNzONHV4CNwY4ALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAEEPt\/jvpNYZTaxUf\/hq3Z6tUps6XBA9Yu325Bwy3LukMjtOntkxZ48rvFNij79Ioq3EbGxCb4PD0EVLtA5lKR6U69jYrdbsh11ahmIq4c0voBJAKVJkpfioqYTXkZCppD5DWEnFc7+3dmCZtR6n7cdLRMGXeU0ee7bo
qf+ntG0ywXMALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAAdbeEFbg2lg4i3rnV+6yQt2VeYizGmT\/rDt7rXbe9Gvg0bs7cCzKvh3nLNc7lfkw3Toxu3h2m\/NqvAJNkxLRmrtfxw68cyy4lkHhL2NLL3Y19jvp2qm25mZVgwcJylB9Dlvk0ReqgeiL8E1GyKZ+bYJb4PW+X45ewaJrdYFgGv4wXMALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALY71RRfBids18YMqfb3pDV95vjCv9gQTwdXg7KIz9hcjsWC4LdX4rCK4Rics7xQ5QaBNODVJNd5alz0R5hMDerxbEpzVvoggNs6EwCYRezdSpP5C3DJFx6i88C2SQ=="}
00810{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1558968010234,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00815{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"midstream":0,"thread_ts_msec":1558968010234,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00209{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":89,"global_ts_msec":1558968010234}
00443{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":123,"pkt_l4_len":0,"thread_ts_msec":1558968010234,"pkt":"AIac51UUAAwpil3Xht1gB4f9AEUsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAFqChAPAtderZqHOphjXllMk8sHswGkSaaDoR\/AL9bqSnISQXKcnns5gAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968018074,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968018074,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1558968018074,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_msec":1558968018074,"pkt":"AAwpil3XAIac51UUht1gCQGuAEMRayoAFFBAEwwGAAAAAAAAAQUgAQRwdlsAAAAAAAAKJQBT94kANQBDODsKMgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAABAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968018074,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968018074,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1558968018075,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"thread_ts_msec":1558968018075,"pkt":"AIac51UUAAwpil3Xht1gAmIVBbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAAASR\/DLMANfeJBdraSAoyhBAAAQACAAMACQNmZzIId2ViZXJsYWICZGUAAAEAAcAMAAEAAQAAADwABML3BArADAAuAAEAAAA8AR8AAQoDAAAAPF0J+51c4m0NkEcId2ViZXJsYWICZGUATmqKLyXYlD7oC1wjnJdPzxr55pJoGn6h+biEYxUlvjgkAKYGVr2OkUzNi9dPZZCT1\/wXWro5BadVhTNlYhGA9J99DHUUB5NEITFfyeoCqRwORKOIN8F3N4260XT5uRwPgDtpnX9J6IRQN3Hg639ASVUfreGkxN2At0j1oxD21UcoFDfwz5Fn7owm5vE3RP6EyTqHCPkRSCJvvZO+Lb6nyRwRS\/BgbrTAjIDB9gxMtXs7GIKlm\/T21iqqa\/CM0K3y9nYSv2Mbgyh+nhDaTp4WmMKZfRzP6DKGL+Myx7893ekGgWnaQNeZGzB3BTQVSEJFLULyYavsqtvSpVIspLF1IcBPAAIAAQAAADwADwNuczIId2ViZXJkbnPAWMBPAAIAAQAAADwABgNuczHBbMBPAC4AAQAAADwBHwACCgIAAAA8XQoA7FzibzWQRwh3ZWJlcmxhYgJkZQB0qMTaqgCspuIcPYiPf3BgfQDsq4tYGfT0QlWt5KJKITRcMICWR4fxmCxHuWlUNejQz2mbGhAzRSlcwKsiD4U6Q+uopuCYgHSJmt\/s0OjDPfudF4BOMw9+KVz84hDd\/4acsdDrEWjA3YvnyyflUhRrCvnRH+6JQJU80RMEvIAITMW4q+myuRsjD9B6QfjeeqqCUKrx5bwtdTeB0NT4gHxxjP3tHJ6Ez+B7TaCbOM5TtNYqTFI7mdspd2h6snRoEpvY7MK1Z3onr5DenD\/f6LB53lBHt6avjWu+uwwUOhqLcoi9In2I6kbfraddRWYM\/kcIQiOffZOZsRUnnKHK\/NLMwYMAHAABAAAOEAAQIAEEcHZbAAAAAAAACiUAU8FoABwAAQAADhAAECABBHAfCxawAAAAAAomAFPBgwABAAEAAA4QAATBGOPuwWgAAQABAAAOEAAEwvcFDsGDAC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQCxSs6jI4fQc085O7XtX7BRqKJPIVj7R9A4dqni5pD4gtNCWOOQ49jwEV7+OJGrV9+bQHl4OIsfEGbPnNRiHD2rU2g12XuiewoGY6BET\/nnDTpid7zS7Y\/LN1BquV9W+umqOKnWTehPA142KT1sXmg\/uimXe8rUIwZkTczjR1eAjcGDAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQBBD7f476TWGU2sVH\/4at2erVKbOlwQPWLt9uQcMty7pDI7Tp7ZMWePK7xTYo+\/SKKtxGxsQm+Dw9BFS7QOZSkelOvY2K3W7IddWoZiKuHNL6ASQClSZKX4qKmE15GQqaQ+Q1hJxXO\/t3ZgmbUep+3HS0TBl3lNHnu26Kn\/p7RtMsFo
AC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQAHW3hBW4NpYOIt651fuskLdlXmIsxpk\/6w7e6123vRr4NG7O3Asyr4d5yzXO5X5MN06Mbt4dpvzarwCTZMS0Zq7X8cOvHMsuJZB4S9jSy92NfY76dqptuZmVYMHCcpQfQ5b5NEXqoHoi\/BNRsimfm2CW+D1vl+OXsGia3WBYBr+MFoAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQC2O9UUXwYnbNfGDKn296Q1feb4wr\/YEE8HV4OyiM\/YXI7FguC3V+KwiuEYnLO8UOUGgTTg1STXeWpc9EeYTA3q8WxKc1b6IIDbOhMAmEXs3UqT+QtwyRceovPAtklderZqHOphjXllMg=="}
00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968018074,"flow_last_seen":1558968018075,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1499,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1558968018075,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}
00816{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018075,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1499,"midstream":0,"thread_ts_msec":1558968018075,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}
00209{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":78,"global_ts_msec":1558968018075}
00432{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":112,"pkt_l4_len":0,"thread_ts_msec":1558968018075,"pkt":"AIac51UUAAwpil3Xht1gAmIVADosQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAFqCR\/DLNPLB7MBpEmmg6EfwC\/W6kpyEkFynJ57OYAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1558968019069,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1558968019069,"pkt":"AAwpil3XAIac51UUCABFAABXnz0AAGwRsyatwqlowRjj7uhIADUAQ+SwoX0AEAABAAAAAAABA2ZnMgh3ZWJlcmxhYgJkZQAAAQABAAApEAAAAIAAAA8ACAALAAI4ACABBHAfCxY="}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1558968019069,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1558968019069,"pkt":"AIac51UUAAwpil3XCABFAAXc4hEgAEARds3BGOPurcKpaAA16EgF2oW\/oX2EEAABAAIAAwAJA2ZnMgh3ZWJlcmxhYgJkZQAAAQABwAwAAQABAAAAPAAEwvcECsAMAC4AAQAAADwBHwABCgMAAAA8XQn7nVzibQ2QRwh3ZWJlcmxhYgJkZQBOaoovJdiUPugLXCOcl0\/PGvnmkmgafqH5uIRjFSW+OCQApgZWvY6RTM2L109lkJPX\/BdaujkFp1WFM2ViEYD0n30MdRQHk0QhMV\/J6gKpHA5Eo4g3wXc3jbrRdPm5HA+AO2mdf0nohFA3ceDrf0BJVR+t4aTE3YC3SPWjEPbVRygUN\/DPkWfujCbm8TdE\/oTJOocI+RFIIm+9k74tvqfJHBFL8GButMCMgMH2DEy1ezsYgqWb9PbWKqpr8IzQrfL2dhK\/YxuDKH6eENpOnhaYwpl9HM\/oMoYv4zLHvz3d6QaBadpA15kbMHcFNBVIQkUtQvJhq+yq29KlUiyksXUhwE8AAgABAAAAPAAPA25zMQh3ZWJlcmRuc8BYwE8AAgABAAAAPAAGA25zMsFswE8ALgABAAAAPAEfAAIKAgAAADxdCgDsXOJvNZBHCHdlYmVybGFiAmRlAHSoxNqqAKym4hw9iI9\/cGB9AOyri1gZ9PRCVa3kokohNFwwgJZHh\/GYLEe5aVQ16NDPaZsaEDNFKVzAqyIPhTpD66im4JiAdIma3+zQ6MM9+50XgE4zD34pXPziEN3\/hpyx0OsRaMDdi+fLJ+VSFGsK+dEf7olAlTzREwS8gAhMxbir6bK5GyMP0HpB+N56qoJQqvHlvC11N4HQ1PiAfHGM\/e0cnoTP4HtNoJs4zlO01ipMUjuZ2yl3aHqydGgSm9jswrVneievkN6cP9\/osHneUEe3pq+Na767DBQ6GotyiL0ifYjqRt+tp11FZgz+RwhCI599k5mxFSecocr80szBaAABAAEAAA4QAATBGOPuwYMAAQABAAAOEAAEwvcFDsFoABwAAQAADhAAECABBHB2WwAAAAAAAAolAFPBgwAcAAEAAA4QABAgAQRwHwsWsAAAAAAKJgBTwWgALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALFKzqMjh9BzTzk7te1fsFGook8hWPtH0Dh2qeLmkPiC00JY45Dj2PARXv44katX35tAeXg4ix8QZs+c1GIcPatTaDXZe6J7CgZjoERP+ecNOmJ3vNLtj8s3UGq5X1b66ao4qdZN6E8DXjYpPWxeaD+6KZd7ytQjBmRNzONHV4CNwWgALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAEEPt\/jvpNYZTaxUf\/hq3Z6tUps6XBA9Yu325Bwy3LukMjtOntkxZ48rvFNij79Ioq3EbGxCb4PD0EVLtA5lKR6U69jYrdbsh11ahmIq4c0voBJAKVJkpfioqYTXkZCppD5DWEnFc7+3dmCZtR6n7cdLRMGXeU0ee7boqf+ntG0ywYMALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCH
dlYmVyZG5zAmRlAAdbeEFbg2lg4i3rnV+6yQt2VeYizGmT\/rDt7rXbe9Gvg0bs7cCzKvh3nLNc7lfkw3Toxu3h2m\/NqvAJNkxLRmrtfxw68cyy4lkHhL2NLL3Y19jvp2qm25mZVgwcJylB9Dlvk0ReqgeiL8E1GyKZ+bYJb4PW+X45ewaJrdYFgGv4wYMALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALY71RRfBids18YMqfb3pDV95vjCv9gQTwdXg7KIz9hcjsWC4LdX4rCK4Rics7xQ5QaBNODVJNd5alz0R5hMDerxbEpzVvoggNs6EwCYRezdSpP5C3DJFx6i88C2SV16tmoc6mGNeWUyTywezAaRJpoOhH8Av1upKchJBcpyeezmAAApEAAAAIA="}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1531,"flow_avg_l4_payload_len":765,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1531,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_msec":1558968019069}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":1558968019069,"pkt":"AIac51UUAAwpil3XCABFAAAm4hEAuUARm8rBGOPurcKpaAAADwAIAAsAAjgAIAEEcB8LFg=="}
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968021013,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968021013,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1558968021013,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_msec":1558968021013,"pkt":"AAwpil3XAIac51UUht1gBi\/8AEMRayoAFFBADAwAAAAAAAAAAQYgAQRwdlsAAAAAAAAKJQBT1J4ANQBDpiukOAAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968021013,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968021013,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1558968021014,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":886,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":886,"pkt_l4_len":832,"thread_ts_msec":1558968021014,"pkt":"AIac51UUAAwpil3Xht1gCbz6A0ARQCABBHB2WwAAAAAAAAolAFMqABRQQAwMAAAAAAAAAAEGADXUngNAM\/ikOIQQAAEAAAAEAAEDZmcyCHdlYmVybGFiAmRlAAAcAAHAEAAGAAEAAAA8ADwDbnMwCHdlYmVyZG5zwBkJd2VibWFzdGVyCXdlYmVybmV0egNuZXQAeFhI6QAADhAAAAOEACTqAAAAADzAEAAuAAEAAAA8AR8ABgoCAAAAPF0SKiBc6o8QkEcId2ViZXJsYWICZGUAsAsLORY9T68251zcXXrXYMubapdXlnVZdczSZ8VjQS3g0dStlbXNUxRf4FJCpZevgIdkz+OzavU4Y3EyCKf5qxw7GiEllt+hznji85+jlwbqxa7BHuVrNf4YxsbIr0kaSblmtIn8e12vMQAgQIzOeK4VKGey+3rFftx2Cs7v0mw4V0Rd+gTYttfq+PLvGu8vSZibXFxqlj86VVzTwvOCEmjqKNyjon+\/djMG\/LpzWXoT2evp9l8K1VcJU\/8uUY9ZE4WS0WjV4uuPKKqmHeTkethHG1xsLp0jKFQP8kYfYkdlxDBuNu6KhurVxO4RiM92K63vMdmIW\/4VjMYm2cPPQCBWTlI1U0hKRjVHQ1RFQ1RIN0wwRUNLTEoxTkRGNE04S8CHADIAAQAAALQAMgEAABQQM4lV2XYIwLE0ewVnw5K1+BQAQBNLJ89Pbt3WSJZWXFg+eo1pkwAGQAAAAAACwZQALgABAAAAtAEfADIKAwAAALRdChEDXOJ73JBHCHdlYmVybGFiAmRlAFwWgMgEjrA1OcHB+Qo5dWmMix1bJ7WFGsQIkPmTlF\/KVvK6k5dVU4FDCZtKPuPYCkg0XLBOcR\/wguOUuuyBL7cbjUoN0UHJur34eNeWLngpBhaxFTmuqY80vKjed0ttFQ6uVnd2OAmDzRp6YxYtTin4\/XGlVO6lMt+k2mYftwRyr5Ohjp6NH+J8dbjX7gkD3ENGAHspVLSTz4LxrhUH8dsbFK8rT\/kUhlCBvTuJYAxOkSEWqp4vVZ54PXcY61pn5KAT8mJWdw+HLsa\/lUjZNXicEmky99XDlPLcJk7OI3ZM83QYPgYAFE\/lMHbTSiiue2rS4deUwWxFmnQYlhv0FA4AACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968021013,"flow_last_seen":1558968021014,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"thread_ts_msec":1558968021014,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021026,"flow_last_seen":1558968021026,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968021026,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00810{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021014,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"midstream":0,"thread_ts_msec":1558968021014,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968021026,"flow_last_seen":1558968021026,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968021026,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1558968021026,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1558968021026,"pkt":"AAwpil3XAIac51UUCABFAABEdWYAAGwRujZKfS+IwRjj7ufCADUAMBuRFagAEAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAAAA=="}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021026,"flow_last_seen":1558968021026,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968021026,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968021026,"flow_last_seen":1558968021026,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968021026,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1558968021027,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1558968021027,"pkt":"AIac51UUAAwpil3XCABFAAXciTwgAEARrMjBGOPuSn0viAA158IGrsPBFaiEEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALbZYZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJ
wgtxE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="}
00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1558968021027,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"midstream":0,"thread_ts_msec":1558968021027,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_msec":1558968021027}
00631{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"thread_ts_msec":1558968021027,"pkt":"AIac51UUAAwpil3XCABFAAD6iTwAuUAR0PHBGOPuSn0viJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"}
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1558968031134,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_msec":1558968031134,"pkt":"AAwpil3XAIac51UUht1gCRS7AEMRbCoAFFBAEwwFAAAAAAAAAQ4gAQRwdlsAAAAAAAAKJQBTiIAANQBD+GeeBgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1558968031134,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":886,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":886,"pkt_l4_len":832,"thread_ts_msec":1558968031134,"pkt":"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\/djMG\/LpzWXoT2evp9l8K1VcJU\/8uUY9ZE4WS0WjV4uuPKKqmHeTkethHG1xsLp0jKFQP8kYfYkdlxDBuNu6KhurVxO4RiM92K63vMdmIW\/4VjMYm2cPPQCBWTlI1U0hKRjVHQ1RFQ1RIN0wwRUNLTEoxTkRGNE04S8CHADIAAQAAALQAMgEAABQQM4lV2XYIwLE0ewVnw5K1+BQAQBNLJ89Pbt3WSJZWXFg+eo1pkwAGQAAAAAACwZQALgABAAAAtAEfADIKAwAAALRdChEDXOJ73JBHCHdlYmVybGFiAmRlAFwWgMgEjrA1OcHB+Qo5dWmMix1bJ7WFGsQIkPmTlF\/KVvK6k5dVU4FDCZtKPuPYCkg0XLBOcR\/wguOUuuyBL7cbjUoN0UHJur34eNeWLngpBhaxFTmuqY80vKjed0ttFQ6uVnd2OAmDzRp6YxYtTin4\/XGlVO6lMt+k2mYftwRyr5Ohjp6NH+J8dbjX7gkD3ENGAHspVLSTz4LxrhUH8dsbFK8rT\/kUhlCBvTuJYAxOkSEWqp4vVZ54PXcY61pn5KAT8mJWdw+HLsa\/lUjZNXicEmky99XDlPLcJk7OI3ZM83QYPgYAFE\/lMHbTSiiue2rS4deUwWxFmnQYlhv0FA4AACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00810{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":9318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_msec":1559042371783}
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042371783,"flow_last_seen":1559042371783,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559042371783,"flow_last_seen":1559042371783,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1559042371783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"thread_ts_msec":1559042371783,"pkt":"CFsOoYNeAAwpfKTLht1gCrtxAEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTuhIANQBFzxq5yAEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACJyfIZPEos+4"}
00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042371783,"flow_last_seen":1559042371783,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559042371783,"flow_last_seen":1559042371783,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00789{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1559042371794,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":300,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":300,"pkt_l4_len":246,"thread_ts_msec":1559042371794,"pkt":"AAwpfKTLCFsOoYNeht1gDo22APYRPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLADW6EgD2hIi5yIUAAAEAAQACAAUIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAcAMABwAAQAAADwAECABBHAfCxawAAAAAAAAAAHAFQACAAEAAAA8AA8DbnMxCHdlYmVyZG5zwB7AFQACAAEAAAA8AAYDbnMywFLATgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwGkAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8BOAAEAAQAADhAABMEY4+7AaQABAAEAAA4QAATC9wUOAAApEAAAAAAAABwACgAYnJ8hk8Siz7hkUeklXO0ZQ\/LRIFOjEc9n"}
00828{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042371783,"flow_last_seen":1559042371794,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1559042371794,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042372779,"flow_last_seen":1559042372779,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042372779,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00833{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1559042371783,"flow_last_seen":1559042371794,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"midstream":0,"thread_ts_msec":1559042371794,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559042372779,"flow_last_seen":1559042372779,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042372779,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1559042372779,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"thread_ts_msec":1559042372779,"pkt":"CFsOoYNeAAwpfKTLht1gBVO1AEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTgzgANQBFzxq9qQEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACOxvEogaB96P"}
00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042372779,"flow_last_seen":1559042372779,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042372779,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559042372779,"flow_last_seen":1559042372779,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042372779,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1559042372791,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":300,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":300,"pkt_l4_len":246,"thread_ts_msec":1559042372791,"pkt":"AAwpfKTLCFsOoYNeht1gDjr2APYRPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLADWDOAD2QdK9qYUAAAEAAQACAAUIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAcAMABwAAQAAADwAECABBHAfCxawAAAAAAAAAAHAFQACAAEAAAA8AA8DbnMxCHdlYmVyZG5zwB7AFQACAAEAAAA8AAYDbnMywFLATgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwGkAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8BOAAEAAQAADhAABMEY4+7AaQABAAEAAA4QAATC9wUOAAApEAAAAAAAABwACgAY7G8SiBoH3o+7l8juXO0ZRLEjB1nyQ3R8"}
00828{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042372779,"flow_last_seen":1559042372791,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1559042372791,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00619{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042373843,"flow_last_seen":1559042373843,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042373843,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00833{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1559042372779,"flow_last_seen":1559042372791,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"midstream":0,"thread_ts_msec":1559042372791,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559042373843,"flow_last_seen":1559042373843,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042373843,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1559042373843,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"thread_ts_msec":1559042373843,"pkt":"CFsOoYNeAAwpfKTLht1gAgwqAEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTtOwANQBFzxrdhAEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACKUAwuOvHQbi"}
00814{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042373843,"flow_last_seen":1559042373843,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042373843,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559042373843,"flow_last_seen":1559042373843,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042373843,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00789{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1559042373854,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":300,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":300,"pkt_l4_len":246,"thread_ts_msec":1559042373854,"pkt":"AAwpfKTLCFsOoYNeht1gCMIUAPYRPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLADW07AD2Jy7dhIUAAAEAAQACAAUIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAcAMABwAAQAAADwAECABBHAfCxawAAAAAAAAAAHAFQACAAEAAAA8AA8DbnMyCHdlYmVyZG5zwB7AFQACAAEAAAA8AAYDbnMxwFLAaQAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwE4AHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8BpAAEAAQAADhAABMEY4+7ATgABAAEAAA4QAATC9wUOAAApEAAAAAAAABwACgAYpQDC468dBuIqFazGXO0ZRcWgFHZl7TCh"}
00829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042373843,"flow_last_seen":1559042373854,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1559042373854,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00619{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042374827,"flow_last_seen":1559042374827,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042374827,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00834{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1559042373843,"flow_last_seen":1559042373854,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"midstream":0,"thread_ts_msec":1559042373854,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559042374827,"flow_last_seen":1559042374827,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042374827,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1559042374827,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"thread_ts_msec":1559042374827,"pkt":"CFsOoYNeAAwpfKTLht1gAgVFAEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTtWgANQBFzxrqAgEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACLUmUKpHzEhG"}
00814{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042374827,"flow_last_seen":1559042374827,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042374827,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559042374827,"flow_last_seen":1559042374827,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042374827,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1559042374838,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":300,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":300,"pkt_l4_len":246,"thread_ts_msec":1559042374838,"pkt":"AAwpfKTLCFsOoYNeht1gBQOmAPYRPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLADW1aAD2vA3qAoUAAAEAAQACAAUIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAcAMABwAAQAAADwAECABBHAfCxawAAAAAAAAAAHAFQACAAEAAAA8AA8DbnMxCHdlYmVyZG5zwB7AFQACAAEAAAA8AAYDbnMywFLATgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwGkAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8BOAAEAAQAADhAABMEY4+7AaQABAAEAAA4QAATC9wUOAAApEAAAAAAAABwACgAYtSZQqkfMSEY\/2z8HXO0ZRm3ax03ipZX3"}
00829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042374827,"flow_last_seen":1559042374838,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968018074,"flow_last_seen":1558968018075,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1499,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1531,"flow_avg_l4_payload_len":765,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968021013,"flow_last_seen":1558968021014,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00834{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1559042374827,"flow_last_seen":1559042374838,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018075,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1499,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1531,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021014,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":28,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":10514,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":11,"total-updates":0,"current-active-flows":4,"total-active-flows":11,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":76,"global_ts_msec":1560869882430}
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869882430,"flow_last_seen":1560869882430,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869882430,"flow_last_seen":1560869882430,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"midstream":0,"thread_ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1560869882430,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":129,"pkt_l4_len":75,"thread_ts_msec":1560869882430,"pkt":"CFsOoYNeAAwpfKTLht1gDk+bAEsRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABERvnYANQBL7vOR3wEgAAEAAAAAAAEFc2lnb2sQdmVydGVpbHRlc3lzdGVtZQNuZXQAAAEAAQAAKRAAAAAAAAAMAAoACKFV23rIz7mH"}
00818{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869882430,"flow_last_seen":1560869882430,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigok.verteiltesysteme.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869882430,"flow_last_seen":1560869882430,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"midstream":0,"thread_ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigok.verteiltesysteme.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1560869882447,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":133,"pkt_l4_len":79,"thread_ts_msec":1560869882447,"pkt":"AAwpfKTLCFsOoYNeht1gBk3UAE8RPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADW+dgBPmiKR34GgAAEAAQAAAAEFc2lnb2sQdmVydGVpbHRlc3lzdGVtZQNuZXQAAAEAAcAMAAEAAQAAADwABIZbTosAACkFrAAAAAAAAA=="}
00833{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869882430,"flow_last_seen":1560869882447,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1560869882447,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigok.verteiltesysteme.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"134.91.78.139"}}
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869886413,"flow_last_seen":1560869886413,"flow_idle_time":200000,"flow_min_l4_payload_len":69,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1560869886413,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00839{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869882430,"flow_last_seen":1560869882447,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":138,"midstream":0,"thread_ts_msec":1560869882447,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigok.verteiltesysteme.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"134.91.78.139"}}
00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869886413,"flow_last_seen":1560869886413,"flow_idle_time":200000,"flow_min_l4_payload_len":69,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"midstream":0,"thread_ts_msec":1560869886413,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1560869886413,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":131,"pkt_l4_len":77,"thread_ts_msec":1560869886413,"pkt":"CFsOoYNeAAwpfKTLht1gDXJYAE0RQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABERzk4ANQBN7vX6xwEgAAEAAAAAAAEHc2lnZmFpbBB2ZXJ0ZWlsdGVzeXN0ZW1lA25ldAAAAQABAAApEAAAAAAAAAwACgAIYOOBSPgiBSs="}
00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869886413,"flow_last_seen":1560869886413,"flow_idle_time":200000,"flow_min_l4_payload_len":69,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1560869886413,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigfail.verteiltesysteme.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869886413,"flow_last_seen":1560869886413,"flow_idle_time":200000,"flow_min_l4_payload_len":69,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"midstream":0,"thread_ts_msec":1560869886413,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigfail.verteiltesysteme.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1560869886443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":108,"pkt_l4_len":54,"thread_ts_msec":1560869886443,"pkt":"AAwpfKTLCFsOoYNeht1gB6MtADYRPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXOTgA2KY36x4GCAAEAAAAAAAAHc2lnZmFpbBB2ZXJ0ZWlsdGVzeXN0ZW1lA25ldAAAAQAB"}
00829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869886413,"flow_last_seen":1560869886443,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1560869886443,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigfail.verteiltesysteme.net","num_queries":1,"num_answers":0,"reply_code":2,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869889796,"flow_last_seen":1560869889796,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1560869889796,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00835{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869886413,"flow_last_seen":1560869886443,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":115,"midstream":0,"thread_ts_msec":1560869886443,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigfail.verteiltesysteme.net","num_queries":1,"num_answers":0,"reply_code":2,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869889796,"flow_last_seen":1560869889796,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"midstream":0,"thread_ts_msec":1560869889796,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1560869889796,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":113,"pkt_l4_len":59,"thread_ts_msec":1560869889796,"pkt":"CFsOoYNeAAwpfKTLht1gDB+KADsRQCABBHAfCxawAgwp\/\/58pMsmIAD+AAAAAAAAAAAAAAD+pWgANQA7UegG5AEgAAEAAAAAAAEHZm9ybWVsMQJkZQAAAQABAAApEAAAAAAAAAwACgAIf6ON2rCVwqA="}
00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869889796,"flow_last_seen":1560869889796,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1560869889796,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"formel1.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869889796,"flow_last_seen":1560869889796,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"midstream":0,"thread_ts_msec":1560869889796,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"formel1.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1560869889815,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":117,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":117,"pkt_l4_len":63,"thread_ts_msec":1560869889815,"pkt":"AAwpfKTLCFsOoYNeht1gAAAAAD8ROyYgAP4AAAAAAAAAAAAAAP4gAQRwHwsWsAIMKf\/+fKTLADWlaAA\/kK8G5IGAAAEAAQAAAAEHZm9ybWVsMQJkZQAAAQABwAwAAQABAAAOEAAEVRnq\/QAAKRAAAAAAAAAA"}
00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869889796,"flow_last_seen":1560869889815,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"formel1.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"85.25.234.253"}}
00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042371783,"flow_last_seen":1559042371794,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042372779,"flow_last_seen":1559042372791,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042373843,"flow_last_seen":1559042373854,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042374827,"flow_last_seen":1559042374838,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869895045,"flow_last_seen":1560869895045,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1560869895045,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00814{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869889796,"flow_last_seen":1560869889815,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":106,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"formel1.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"85.25.234.253"}}
00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1559042371783,"flow_last_seen":1559042371794,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1559042372779,"flow_last_seen":1559042372791,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1559042373843,"flow_last_seen":1559042373854,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1559042374827,"flow_last_seen":1559042374838,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869895045,"flow_last_seen":1560869895045,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"midstream":0,"thread_ts_msec":1560869895045,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1560869895045,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_msec":1560869895045,"pkt":"CFsOoYNeAAwpfKTLht1gAPc5ADoRQCABBHAfCxawAgwp\/\/58pMsmIAD+AAAAAAAAAAAAAAD+tnUANQA6UeeM7AEgAAEAAAAAAAEGZXJmcG9wAmRlAAAcAAEAACkQAAAAAAAADAAKAAh2WSv8Ots3rg=="}
00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869895045,"flow_last_seen":1560869895045,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1560869895045,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"erfpop.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869895045,"flow_last_seen":1560869895045,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"midstream":0,"thread_ts_msec":1560869895045,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"erfpop.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1560869895070,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":156,"pkt_l4_len":102,"thread_ts_msec":1560869895070,"pkt":"AAwpfKTLCFsOoYNeht1gAAAAAGYRPCYgAP4AAAAAAAAAAAAAAP4gAQRwHwsWsAIMKf\/+fKTLADW2dQBmf6uM7IGAAAEAAgAAAAEGZXJmcG9wAmRlAAAcAAHADAAcAAEAAAEsABAmBkcAADAAAAAAAABoGGKRwAwAHAABAAABLAAQJgZHAAAwAAAAAAAAaBhjkQAAKQIAAAAAAAAA"}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869895045,"flow_last_seen":1560869895070,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1560869895070,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"erfpop.de","num_queries":1,"num_answers":3,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.6.71.0"}}
00619{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869900222,"flow_last_seen":1560869900222,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869900222,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869895045,"flow_last_seen":1560869895070,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":144,"midstream":0,"thread_ts_msec":1560869895070,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"erfpop.de","num_queries":1,"num_answers":3,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.6.71.0"}}
00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869900222,"flow_last_seen":1560869900222,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869900222,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1560869900222,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_msec":1560869900222,"pkt":"CFsOoYNeAAwpfKTLht1gDZ0NADwRQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBT2bEANQA8zxHCoAEgAAEAAAAAAAEId2ViZXJsYWICZGUAADAAAQAAKRAAAACAAAAMAAoACPFs5uYvfUZc"}
00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869900222,"flow_last_seen":1560869900222,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869900222,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00811{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869900222,"flow_last_seen":1560869900222,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869900222,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1560869905222,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_msec":1560869905222,"pkt":"CFsOoYNeAAwpfKTLht1gDZ0NADwRQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBT2bEANQA8zxHCoAEgAAEAAAAAAAEId2ViZXJsYWICZGUAADAAAQAAKRAAAACAAAAMAAoACPFs5uYvfUZc"}
02413{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1560869905232,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1494,"pkt_l4_len":1432,"thread_ts_msec":1560869905232,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyBaAsPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAAAQAABpoANdmxBspAOcKghQAAAQAEAAAAAQh3ZWJlcmxhYgJkZQAAMAABwAwAMAABAAAAPAIIAQEDCgMBAAHd7\/3tIq12CjsLWBAd1T3u8\/far4uZXvf8tV18qZaecv+cWqq5v63pRvKYMfBrDVtiIL4iSgCelIlOORESqB\/n89qn9klBRxVsJMHolsi2eBGR4aML4ghMfeD+DrMDSl5nWB3t\/K5Rz2vtzsqVvYGH0fZYQiit53gj6vP2hRbE0yO3UPkNpBEVogjAsm5eFjsLAaP0ZZzzOMrnzCiJQAYjOTVkDzZiOo2MwGKWKMlIXfR55yCA5TUPPR6V0HRZsrDK2l2G+6gzqDhIjqHbbSh9Mv77SdkkVNOUReABLpmnCFMwIuSy9nDEMQu7e65QyOF+NjUXziwKhrjnnJRY86s9znQCVnoPwAJ0m29NgBgpEN+9E19YVr3gF7esaT1ji4B10iyBf5c\/sJfg5vGTVg55+cxCbhI98aL2tYPM5kVyTpqgOlYRqnsMRfHPsinjRDh8+F+P0S5lhyLhG726D9NA5OQPW4cmRlbMrTiYPjcIRULbwVi5g\/NhRbX0rdr5mxRTcAGTp0WViThvS+0xXBiJtThFC5qIVMhS7ARjFwxTrtZNKOqapuPebbAbjMiTaX3UKD8DpFKbCouo5jaur0Y77zYiW3BcpU0K6hxkxrjqKblLAW1F4\/5zq+COo+NpOhgyLk8iw5Gla3a8V5hp3zZ0rXalprx16P2BcHZbPW3E+8AMADAAAQAAADwBCAEAAwoDAQAB0FTcKPFQrDtJ5jNrtzHKr9eDfOdVCwzO4X9R4tqKA65u0keHGEv6bXb0jFCRMqjwlEhdwpcP5pWLO2KaXz7wE8JcU09+0Wl0ULMFE0YeP9xrWD8WVyTq\/lq9p8H+EaptYpjYsQYpvmS1hYaPwkHSasoaoNlU\/KJ4LR1hW\/TaI5o69SF2XtC2BXJtHdXqAeWGgbQHEb4ZuNSn43I8KVu4w4jB+VtUYHn3jo\/JAZCCcY1fYvUwe6Y5pgL8PdSfLNBk0yaqPzkbAM0\/AR4N8urrCbUFR\/HszDBwRW47YHRiZTKI+JJ9SgZPCbY\/WcY0yGViKPdtj1W\/LEKo9CcrSzlOvcAMAC4AAQAAADwCHwAwCgIAAAA8XSexsF0AI8Ezewh3ZWJlcmxhYgJkZQDDZMohasNCzdZy+qXT+i9EuX\/inlaoHckoPQ6pZUM55HOKiXWwbCF2bgR2vTatltfgdQMYsjHLb9y8\/8K16x1bINo7jHhPhiQ3mZPnhRDbC819\/mg\/DAJlEfo4\/PIHroaOXHkEsxclA3Sfl5XzqMY8dIIjCMSIRohmpz3ajd1g8Q5nPhvruiTi3rbkkaFuvAu6JBazSxvplBTGRsLiwD\/keT1H0ch7BVc1oZ6xmkqy68vIsD63Fj1r1Prt7pmrCHTCuEgsO78D9dCQuWCLkJQxGUVXJj5CI3Hv7xFFgpu2WdK7EiEBH5rHphjb8hJPF
ep1cggzgdSO7gr4PL16UQJ4paFWEovlSSSKN6CqV0KlzY5UKpoC4bOcRMiiujkcgLRcJzDNjTcP59699eiRBYcnSUNu7NR\/AQOsLe1gcGBMYVI28uXABijFJJPUYQFFRKKQYYy7U8augfodJClNM+5PjDrN7VUaoyW\/CtbFigLZaje\/SbLFkod9oTkuhnetL7fyEnlGfxKmEZ218qPcsKDJRrRyymc+WdZ+tPcZvQXr6AVS7RZSoUTV\/+5dVd2kWuuF2w5rsnAIOU3wwIEPhsTwq9njhb9Bp9jOMH3FFbo4srNvY4pocOs9Lic1Os813bu7VyQz3Nrv\/xfPOPvvG\/\/ufcPEO13FnB7dwg\/ymTeeu8NjAC4AAQAAADwBHwAwCgIAAAA8XSexsF0AI8GQRwh3"}
00819{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1560869905232,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00824{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"midstream":0,"thread_ts_msec":1560869905232,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00211{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":334,"global_ts_msec":1560869905233}
00776{"packet_event_id":1,"packet_event_name":"packet","packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":368,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":368,"pkt_l4_len":0,"thread_ts_msec":1560869905232,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyATosPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAFmAAABpplYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRNeoUG2ZbhJAUMEBAu7geapxJ7U1z+UqhkFSi8Qu6jROnMih5xzmixXOjO2RiHT8eMzQMHqilreexmdz+7rH4jCggpAg2YenRMzpvhrf0+OEWUNhwq6dNYVlNWg1Yf1oxCRsZ6Xiq2pemle4KOkgobWECgdELaMnIZKUJ0WtpAZJuCbAIPvak3YgHcNPR4Sbx1lKRTPW6QxjFsHJ5X\/B6mNMVtqG97wzaO\/ugVwH81Qt2Llpj5Wb873AtMbd7OQYLwhJ7fhxJ9xNJn6SlVRp6C+1P2Wyu\/7U0mgP+sAACkQAAAAgAAAHAAKABjxbObmL31GXCozdz5dCPwRZU4FwINgbJY="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869910534,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869910534,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1560869910534,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1560869910534,"pkt":"CFsOoYNeAAwpfKTLCABFAABQVdgAAEARt8DC9wUGwRjj7spPADUAPG1Sic4BIAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAADAAKAAgdxATcWA6WbA=="}
00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869910534,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869910534,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1560869910547,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1560869910547,"pkt":"AAwpfKTLCFsOoYNeCABFAAXc3KUgAEARC2fBGOPuwvcFBgA1yk8Gysn4ic6FAAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdJ7GwXQAjwTN7CHdlYmVybGFiAmRlAMNkyiFqw0LN1nL6pdP6L0S5f+KeVqgdySg9DqllQznkc4qJdbBsIXZuBHa9Nq2W1+B1AxiyMctv3Lz\/wrXrHVsg2juMeE+GJDeZk+eFENsLzX3+aD8MAmUR+jj88geuho5ceQSzFyUDdJ+XlfOoxjx0giMIxIhGiGanPdqN3WDxDmc+G+u6JOLetuSRoW68C7okFrNLG+mUFMZGwuLAP+R5PUfRyHsFVzWhnrGaSrLry8iwPrcWPWvU+u3umasIdMK4SCw7vwP10JC5YIuQlDEZRVcmPkIjce\/vEUWCm7ZZ0rsSIQEfmsemGNvyEk8V6nVyCDOB1I7uCvg8vXpRAniloVYSi+VJJIo3oKpX
QqXNjlQqmgLhs5xEyKK6ORyAtFwnMM2NNw\/n3r316JEFhydJQ27s1H8BA6wt7WBwYExhUjby5cAGKMUkk9RhAUVEopBhjLtTxq6B+h0kKU0z7k+MOs3tVRqjJb8K1sWKAtlqN79JssWSh32hOS6Gd60vt\/ISeUZ\/EqYRnbXyo9ywoMlGtHLKZz5Z1n609xm9BevoBVLtFlKhRNX\/7l1V3aRa64XbDmuycAg5TfDAgQ+GxPCr2eOFv0Gn2M4wfcUVujiys29jimhw6z0uJzU6zzXdu7tXJDPc2u\/\/F884++8b\/+59w8Q7XcWcHt3CD\/KZN567w2MALgABAAAAPAEfADAKAgAAADxdJ7GwXQAjwZBHCHdlYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRM="}
00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"thread_ts_msec":1560869910547,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"midstream":0,"thread_ts_msec":1560869910547,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":258,"global_ts_msec":1560869910547}
00677{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":292,"pkt_l4_len":0,"thread_ts_msec":1560869910547,"pkt":"AAwpfKTLCFsOoYNeCABFAAEW3KUAuUARL3TBGOPuwvcFBl6hQbZluEkBQwQEC7uB5qnEntTXP5SqGQVKLxC7qNE6cyKHnHOaLFc6M7ZGIdPx4zNAweqKWt57GZ3P7usfiMKCCkCDZh6dEzOm+Gt\/T44RZQ2HCrp01hWU1aDVh\/WjEJGxnpeKral6aV7go6SChtYQKB0QtoychkpQnRa2kBkm4JsAg+9qTdiAdw09HhJvHWUpFM9bpDGMWwcnlf8HqY0xW2ob3vDNo7+6BXAfzVC3YuWmPlZvzvcC0xt3s5BgvCEnt+HEn3E0mfpKVVGnoL7U\/ZbK7\/tTSaA\/6wAAKRAAAACAAAAcAAoAGB3EBNxYDpZslD4VVl0I\/BakNFp6chM\/YQ=="}
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1560869913732,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_msec":1560869913732,"pkt":"CFsOoYNeAAwpfKTLht1gCfvPADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER7IYANQA07tw\/fwEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAEAACkCAAAAAAAAAA=="}
00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00814{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1560869913751,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":134,"pkt_l4_len":80,"thread_ts_msec":1560869913751,"pkt":"AAwpfKTLCFsOoYNeht1gDizvAFARPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXshgBQyy0\/f4GAAAEAAQAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAHADAAcAAEAAA4QABAgAQRwHwsWsAAAAAAKJgBTAAApBawAAAAAAAA="}
00821{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1560869913751,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00621{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00827{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"midstream":0,"thread_ts_msec":1560869913751,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00628{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1560869913753,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1560869913753,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACgGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFggAAAAAoAJfUI5TAAACBATEBAIICoRF3zoAAAAAAQMDBw=="}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1560869913753,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1560869913753,"pkt":"AAwpfKTLAAwpYjEqht1gBqwSACgGQCABBHAfCxawAAAAAAomAFMgAQRwHwsWsAIMKf\/+fKTLADXfAVwH8KghzRYJoBJeYK7OAAACBATEBAIIChJ809KERd86AQMDBw=="}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1560869913753,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1560869913753,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACAGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFglcB\/CpgBAAv45LAAABAQgKhEXfOxJ809I="}
00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00824{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869913753,"flow_last_seen":1560869913754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1560869913754,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916459,"flow_last_seen":1560869916459,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869916459,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"midstream":0,"thread_ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1560869913753,"flow_last_seen":1560869913754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"midstream":0,"thread_ts_msec":1560869913754,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869916459,"flow_last_seen":1560869916459,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869916459,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1560869916459,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_msec":1560869916459,"pkt":"CFsOoYNeAAwpfKTLht1gAxE1ADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER1T4ANQA07tzo3wEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAABAAEAACkCAAAAAAAAAA=="}
00807{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916459,"flow_last_seen":1560869916459,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869916459,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869916459,"flow_last_seen":1560869916459,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869916459,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1560869916473,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":122,"pkt_l4_len":68,"thread_ts_msec":1560869916473,"pkt":"AAwpfKTLCFsOoYNeht1gCEAKAEQRPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXVPgBEGsro34GAAAEAAQAAAAEDbnMyCHdlYmVyZG5zAmRlAAABAAHADAABAAEAAA4QAATC9wUOAAApBawAAAAAAAA="}
00821{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869916473,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.5.14"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916474,"flow_last_seen":1560869916474,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1560869916474,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00827{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"midstream":0,"thread_ts_msec":1560869916473,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.5.14"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869916474,"flow_last_seen":1560869916474,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1560869916474,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1560869916474,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1560869916474,"pkt":"AAwpYjEqAAwpfKTLCABFAAA8zqNAAEAG3BXC9wUGwvcFDphdADXWgnc5AAAAAKACchCQMQAAAgQFtAQCCAox8fNRAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1560869916475,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1560869916475,"pkt":"AAwpfKTLAAwpYjEqCABFAAA8AABAAEAGqrnC9wUOwvcFBgA1mF3frqtz1oJ3OqAScSDR+QAAAgQFtAQCCAqVd0imMfHzUQEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1560869916475,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1560869916475,"pkt":"AAwpYjEqAAwpfKTLCABFAAA0zqRAAEAG3BzC9wUGwvcFDphdADXWgnc6366rdIAQAOWQKQAAAQEICjHx81GVd0im"}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869916474,"flow_last_seen":1560869916477,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00620{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869886413,"flow_last_seen":1560869886443,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869882430,"flow_last_seen":1560869882447,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869889796,"flow_last_seen":1560869889815,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869895045,"flow_last_seen":1560869895070,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00726{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869913753,"flow_last_seen":1560869913756,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"midstream":0,"thread_ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"midstream":0,"thread_ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1560869916474,"flow_last_seen":1560869916477,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869886413,"flow_last_seen":1560869886443,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":115,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869882430,"flow_last_seen":1560869882447,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":138,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869889796,"flow_last_seen":1560869889815,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":106,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869895045,"flow_last_seen":1560869895070,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":144,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00730{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1560869913753,"flow_last_seen":1560869913756,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":66,"packets-processed":59,"total-skipped-flows":0,"total-l4-payload-len":17861,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":21,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":148,"global_ts_msec":1560869916477}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 66/59
@@ -154,8 +154,8 @@
~~ total active/idle flows...: 21/21
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6026201 bytes
~~ total memory freed........: 6026201 bytes
~~ total memory allocated....: 6026369 bytes
~~ total memory freed........: 6026369 bytes
~~ total allocations/frees...: 121025/121025
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 214 chars


@@ -1,10 +1,10 @@
00469{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_invert_query.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1618744019230}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744019230,"flow_last_seen":1618744019230,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1618744019230,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744019230,"flow_last_seen":1618744019230,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"midstream":0,"thread_ts_msec":1618744019230,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1618744019230,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1618744019230,"pkt":"AAAAAAAAAAEAVKCBCABFAABAAABAAEARzK6tk2yu9LtfAUf7ADUALMGVd\/wJAAAAAAEAAAAAAzIxNgI1OAMyMDIBNAAAAQABAAAAAAAA"}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744019230,"flow_last_seen":1618744019230,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1618744019230,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"216.58.202.4","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744019230,"flow_last_seen":1618744019230,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"midstream":0,"thread_ts_msec":1618744019230,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"216.58.202.4","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1618744019235,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1618744019235,"pkt":"AAAAAAAAAAEAVKCBCABFAAAoAABAADsR0cb0u18BrZNsrgA1R\/sAFEgWd\/yJhAAAAAAAAAAAAAA="}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1618744019230,"flow_last_seen":1618744019235,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1618744019235,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00597{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1618744019230,"flow_last_seen":1618744019235,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":48,"midstream":0,"thread_ts_msec":1618744019235,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dns_invert_query.pcapng","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1618744019235}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2/2
@@ -14,10 +14,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003107 bytes
~~ total memory freed........: 6003107 bytes
~~ total memory allocated....: 6003115 bytes
~~ total memory freed........: 6003115 bytes
~~ total allocations/frees...: 120877/120877
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 469 chars
~~ json string max len.......: 781 chars
~~ json string avg len.......: 616 chars
~~ json string max len.......: 787 chars
~~ json string avg len.......: 619 chars


@@ -1,11 +1,11 @@
00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_long_domainname.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1599686652555}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1599686652555,"flow_last_seen":1599686652555,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1599686652555,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555,"flow_last_seen":1599686652555,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"midstream":0,"thread_ts_msec":1599686652555,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1599686652555,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1599686652555,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZsREAAEAR9yLAqAGoCAgICP8fADUARcOpi1QBAAABAAAAAAAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAQ=="}
00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1599686652555,"flow_last_seen":1599686652555,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1599686652555,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555,"flow_last_seen":1599686652555,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"midstream":0,"thread_ts_msec":1599686652555,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1599686652578,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_msec":1599686652578,"pkt":"KDc3AG3IEBMx8Tl2CABFAACR3WoAAHYRlJEICAgIwKgBqAA1\/x8AfQAAi1SBgwABAAAAAQAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAcAsAAYAAQAABcMALAJucwVpY2FubgNvcmcAA25vYwNkbnPATHhn+r4AABwgAAAOEAASdQAAAA4Q"}
00814{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1599686652578,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1599686652578,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00820{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"midstream":0,"thread_ts_msec":1599686652578,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"midstream":0,"thread_ts_msec":1599686652578,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1599686652578}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2/2
@@ -15,10 +15,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003152 bytes
~~ total memory freed........: 6003152 bytes
~~ total memory allocated....: 6003160 bytes
~~ total memory freed........: 6003160 bytes
~~ total allocations/frees...: 120879/120879
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 475 chars
~~ json string max len.......: 819 chars
~~ json string avg len.......: 641 chars
~~ json string max len.......: 825 chars
~~ json string avg len.......: 644 chars



@@ -1,245 +1,245 @@
00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946739298533}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946739298533,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739298533,"pkt":"REREREREZmZmZmZmCABFAAFD4UdAAL0GsQQKAAABi2PeSNGqAbt5f9qX6vvArlAYAfYrngAAFgMBARYBAAESAwPY4R+kmwrmRkwkOvmL20MZvvmmXV\/QYaA6X4C5e+GFvyA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACA0hS9OEA\/J5twwMByNtSlpgrCPJW9Ooqwd+S9NxEdaCw=="}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946739298797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739298797,"pkt":"ZmZmZmZmRERERERECABFAAWq1TBAACsGSrWLY95ICgAAAQG70arq+8CueX\/bslAQAfmvXQAAFgMDAHoCAAB2AwOWvrm4FPC7V7PYuN+Lshod\/nezEzfqc01CK\/K8f2FrjCA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WRMBAAAuACsAAgMEADMAJAAdACDl61zVHhMWB0BdL3ddlBFKSw5Lr9HVe6EkVLOcYVLAAxQDAwABARcDAwAksgraFQq8T84jfrRmYc223NGnVGbYG\/xj8xk4v\/EJCHm3s9w1FwMDCVmg97DgSdnn53nb0jGLv9F1+4VVO1DlJvFZ4CsfAqRyJ8a0jMqAaeRjhyCNwiDpU+6mevWKgpxWfYNjWShazkI7oaAh0ocoGs0\/Z2Mwn5ZIkIv+OuDwieAM9qTwhi+fGVM4H+qU8v3e8TtrqoxC+IgZVc8V3I+\/yPEjroPH33YYxxjju5aqvElJCjEI4urJQzXoWsAq6uQKccy5WfzKSDhJNZ8AVPquU8SpWKmo\/\/E2qD+dKLWJFgaub29gXMXjQTVzoJxdvVKG52mcWm6EXETLAVeqYVAn1jxtrmpkg13Vk85sRN2hjK5eeu4ap8rf7Lodf5tfmhv8SVfULmdGCNmmvgZMJkjmNfdKrw+XnrBHNQP2GC7kgKzhx++y9Ur+7CtcaZ0Stuv2mMWKbTn30OOZzAWiYjVeWw1PNj6IPMesZYC3bO1PwS8+BOlQEPumskRErqRklUuVJ1OXsXJn8o9P7B9r5RxumsKPZbrYuGjTJfVUwTIwaAH4g\/GODGK2+B5YB\/Z\/6LysjXxF0obthFSDlDUGBTCdDZdGFQyyl8u0xri2sr4xv5TWFpIjmyYys6SXqhW7QRXi8cM\/fGE\/JM+qZpyddar8bHdCLxGlvvPz4eCxh6lg0sugzb6K+mUo6W7gtEoQaKMIAakeMy2FOKQ3NMe5\/F+3b43gHog099YK8NKs2bvSG\/W7LXyo8PnUinj+AVLnzhrSe+qvDBw9a\/Jp7AkHbVoQwt\/EIF5\/d5w+4KMlJPMSzCUov8rfi\/CCF\/iVjvModtxk+gLz4pUaK3XRZHYtLxfH7FHcLizTZ3sSU4i+tweqvPEyxXE1E7Y+KMLDCV+QkbWkWi9gMec8ZJ3GBnIg+iSrehGCt8i8t7Lu9Wc\/2fGKgQfE9jJe\/fDA2odknuy5GV2960tQvEZAXB0c5GJBhjiPYJgYdgJ2fzUt\/xLgBoWg0zKHa\/soHWqBrLympLp+VepVMyzuzIJ6QgGVTCC1EFSrrSUxkNXDsBrwmyRP\/9FLF9pdzZACXTb6S8myrZazmvEdGdk04PjNhUiHGlUT03OYvmagf8Ya\/4VRzGGdV43OAGkQYeu0ZY\/heh9h7fucuCFB8CyBx4wy7OhYHBnDOYz2gdf\/z49N039rzJarMWXOwbROgeoXzcsBH8Uj6StZMCbM\/ZBGWByfEjHDl5w8E1dbyJx5XuC65RezHZrv05dJlBbVSEsHIMbDl7IWOUdhpeDNskZrQ+GdU5boLCtHmvrbs62KT\/zlJm2mOApHTvifRvm
qKBz9tPtGNCG6XGCZWhEY3FFyS9rmcTpceJwTCfQYlzYKZslhMKd4J63ankp0RnGQLgodwM35ISK98+Kq2hNOJCTBOCxPPsHuXjZuhXdIi8QCW9VQZqww\/\/NjZPMOPy4jcZ7Tkixh7\/JmbpMEV7PnrhAXh21z+u5dLFH52pKdwGRat6A94UDcInit5rOcJtblnF8P7F8IlQqF3WFZurZBuXzllHTzbwe54UUGPwrqwyOIUkW6zUYU\/09YfhXdyYwY1MnGRAlrE9sPr4V9Vgn7ZntvhQgmKz\/jiHNHuRGaj\/PJAjEPTmoQib9SfYaA5fyYDQmsautNL\/cJ4oyfD9Jembyctib1BIp9Ramfe6PSsBXI\/0Ka52Or"}
00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739298533,"flow_last_seen":946739298797,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"thread_ts_msec":946739298797,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298797,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"midstream":1,"thread_ts_msec":946739298797,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02292{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946739298797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_msec":946739298797,"pkt":"ZmZmZmZmRERERERECABFAAVy1TFAACsGSuyLY95ICgAAAQG70arq+8YweX\/bslAYAfkcrQAAThemFBuD34j0ZojpR7nDk08tEILyrSrE7HS0zZ4kmhXJJxPvCajO9mPz0f1Ba7CUeJZuC\/ww3Lrn+zD28CW1o9VT3LiWNj\/tk7IhVjR3oxyzXVyp8GIUKoCq+rFgLmVNv3t4E9NSsp0vzaP0F7j0JBrlPSojRxE2tlZsJ5feSSYzKGVucsWX6pYRquGlpuPfdHODx0L8ifTKNZ7sMGSXufTYU71W7zucIJWTJn92oiP3KQmXtYYb39SlVhRkoPmox0CcWIbUIkPk1mOfiZj7ZHZGdjmSkO+stoE+mAIy1qeh6xhTg7nyjAGvTt0OEbSBbL64py0gHtL8p9MnYDH\/rEu94PzROteC\/nq08LwZZof+0aydUgoyNJpYIzziL6obgZ8r3XFfT2yBZeGRYlK+7j980Fzg4IJlxXjB\/7u4t3CFM2KzwkVTOl0QgQ2WdVMZr63UzYIuBqVeqhjDwph8EAIPfj6GHii36awX1ARUIn+i2we8pqEICyjrrtz5abqrvBqhOgUymt9799jpjN96PN89rSa+qz8R5hSWva8Z0q12NMSUqK4V32q2T+XbFuVZUlGqNPo8Q4LGFZXuYD0rXuNudeUYIvyeE2j5uqdZqZHCJg4amyAZz0RTts0c1\/NYqX2y5hPaOLvInAlZn4kgRx8P3JUIFzzVPNJJ35uuAChT5mattKXxu8qwume7sBZMgcO4xIk9V0GeDf7Q0iqbxG1cZybv7JIhiCiaIbji819I0oDOejGbK2XffVEsRj3+LURpVM8fUmFAk669Ff\/Nr+yt6tH9Ktz6qOevm0rhgviDIUwzLNJNTxk3pvt9wNVus\/LUfcLiMKspToabUtDV2KtFlgjUQBZ6M603sQeMbcyD6v4zye6TReEZisbYDNmcge+IFl+e+6gIZYcwnBnjL+IMuKODuiRDaCLQJS72LiQoTClqyWNhk8p3nZX4LJsLVi6dW6cV7ErhFynQJtxWGrvo9DrmvbJGRV80Ul449jTrc22WvgTBKnaXTTsv2pw69IL3ziatAlwA6VUKivZyuSnP\/qeqQsLIM3h1xsud7x+raSQILbisV46QaEMOKNMhEo4f9EE5vYtzwm\/ngKP6CEyyxa5eOnqoj72FpXRNgDKcpbuNQSddL+rkopq\/y8uRR5TATut5xq9zEjEQLnRu3bhaqmLH7wPAre5tejGNaBElH9ZorCCzrnrfL+5ZFV65djnMn\/burxQW9SIIOlDcRe3ddZxIf\/z8dXGWfc\/YJ2alVKWABNBLcFPeFubCnDOGFnp7WaEezUQCo1huX1d\/AR2t9ZFIxb+\/2YA0Fcu4FFOucBmHB64h34YnG1QktWj0QN6yNlW1E24ubX3xPextdjh4av9ufsqLyV+lQC34GqCFKa3D2btbNVuYlf3F\/nsdPHHCRn+svJvZKssoO39MnIg20E8\/NZSYgAW7+dMxM2JbTCDpQf718V5e42Tcc3D\/MVuwLpSLFUnGgbahF3PvczhUvo5QFk5tF0YRiH+1QJX+P4
Bld+SLzREBNKhff3\/yg9uJJKca+U+6nBcDAwCBaMxAcfS4h68NX8O4\/JsJCa+QWF87yNO9r0+szCZ1TeWGW\/KMvQNFzX1G+Y2PEnQ68hI4LpJQIC4VjBdW13rCggF8QR46NY3HL4enM7oteZTlqkQvxVphVmRyDsYFcjY4u2fGUw5LFrsQktQhx2VsQTygsXipX2KtdmPdscHLlgGRFwMDADV5C7WBlZ+ocDTA\/zppOjhaktsCXwO0sG+1hu0Zi0K+GaWwxXTJGdG0p2vdDlGf4dOI0eNxTQ=="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946739299058,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739299058,"pkt":"REREREREZmZmZmZmCABFAAFDIvZAAL0Gb1YKAAABi2PeSNGsAbu+7R6jIfk4pVAYAfYrngAAFgMBARYBAAESAwOSQ8JxHhGuu6wLKnGtwDfaCU9fn2zkXyLvCqG6Z1EJrSA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBvduxHcveHyzSwUHe1UMoR3WO30Q1YJASO6Gqd5f5rOQ=="}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946739299325,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739299325,"pkt":"ZmZmZmZmRERERERECABFAAWq+oRAACsGJWGLY95ICgAAAQG70awh+Tilvu0fvlAQAflBFAAAFgMDAHoCAAB2AwO4E1L4A\/\/vaa3qFy7zGtkSllYVpFARFReL8E9wQ5edfiA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62BMBAAAuACsAAgMEADMAJAAdACC6hi7aKoaulrg0kHVy9iX3JtIXsjOWFqMY4JtXoR3ZFBQDAwABARcDAwAkVn7ui3VtyEjBPho8csX4cWU91LDHlldd37yMDuMkm1WrNSA\/FwMDCVkNxERPpxFp1hU3MTygH94nI+uO3MFA6Pgc7Cjgsqv9R94L1LzqnlTJ9qM2GdC3DoaCFMZy2rvnd3TUb44js1wH\/ZjR\/tueYjuCchsydXsjOJIItHXpv6rNdoQc5GxilmSN3ZLV0BdssW6zhxxgQaE3FYajxWXTTfgzUzOS+6W++jmvd1q00zg+8Q0qSguzfNUtyikLzjXqF591w71tmw1RwueDWDRqOR8D9ArOOASC\/gfHKocbf3MYoPn\/L3+LeyjDo7Dan2mPuEUKlItjagedNzassvjfnCKDfWzjTYX1Oj074zzZKYUi326SCBVqvZ4BTAJFklyVRE2\/7w5a9Hu3TkucSU4uD6YDgHvYuwr1PUeuJlpLcTtMIe6KqdQO6VhykmmEfKtsuoqKDau0V16KSQWM2aCvsVesKQ3DSQJg5rL5yIwj9vpyWnaHxDEgfEIDmYjy\/Axgsm7vfVWFF3Jrfc1xzCpgVx2Wzxxl\/maZOzNTYwZUTU3hLDZjHHXTyifvb45snBjXrLw3E9kNt6T2lmZ7d2lzBq35OqiFyiqDdqg5nN+wvKg6FFTseFXwn\/Cnava4JqwJeCYBLZwtvjbxpmY\/Z7bzc6mZPg2Sh+dbDSkCl3bi0C7OGN4lTKk6SakWyrfvl60M9dBFHVDrzgKu7xbDvPEvSNcZq2Dx1QXy2oMyLZnD977uZ9nLe2MaP79hLJNgy4v+jriXtA5fuVRTABndd0eLGpCNoQRcyQEasclWVE0X3djEYjD5W2s+8ID+COBoWOoyP\/WAq9bDmdFuLbZL5YcQMg6OEX37+6VcGXh24mzLjiWqRW2SXZBECP5e9Kp+qBc4nsLJy+\/cCFFzWnnOIeDNkPzITjeYYG62LLpDcjihxenHjNkU8aI6W9z7HJRAKXj15JybI7ZavgKdsyBJSz8Rv17E9WgwJgE24FqtNa6LcXPjCIVJ4JA\/FRIvlJbq2\/PV2grzaPllz7EIQXESn4AAbsSK6v\/afg1rifhsSGv2yYjxwtRB5P9D+FT0dFjO2m9zDYEYLvFPNAv2\/uEF0d+ML9zrDfaDdz6z+wzZI7tOXb+ZgoELySqXWnZpXCKfAbAaRdkBWG9n\/7DEkPQfGc3BRuxecF3gZRN5TjRNnS3L\/z3Mjd0kgq5NvuPBzwr++r8PkzDyv4SrhrEho0ZXiTGQlO7AUNavDHJ2E6WcvB6wH6w+nDu+LafkJwVBrA3g2ry2AgWQYQlCtuH3p4tS5epl0vy3sOsnzjbAIulHq4VIitq5pO3s+sczN2
QL3hoGMgZmvfNYCCppei2sMRM3JeTXdDamDavAss5ffhc7o9sFzFOhYwBHF3K+RDvF+\/0hY+kvloFXPT7w5qyKb029c\/+Vu3kK8iCqQMpkd\/Y7fPVoDJRSebia6NkOtp0QF10Wqdh2s0768F9ux8l3ns6Ahcvm\/CEcnhylTvqF1H8nFLoIPnLNfkqliriwfEB7qB8aB8psWMvXozj1u+xw79vKaBVDClx5kPg1ndY1UZCkXuVmLOZwvxWWc0tuTJcMVug1lNwCPKGUEoQ6IRWLIe8NCbqmkI6bW\/5Xu20soyB9iTbKgsh2xLBekpYgVl8gT8VGJflOjydyD64I9+T\/dXz5zy\/0oPQP9q2vSa5j"}
00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739299058,"flow_last_seen":946739299325,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"thread_ts_msec":946739299325,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739299058,"flow_last_seen":946739299325,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"midstream":1,"thread_ts_msec":946739299325,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":946739299325,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_msec":946739299325,"pkt":"ZmZmZmZmRERERERECABFAAVw+oVAACsGJZqLY95ICgAAAQG70awh+T4nvu0fvlAYAfmmIAAAiW51QuqEfobYElojzNdmal3NmvuNd\/aotOFuZKIcd+01MY62EHH7E56\/oxK0qr9J58d7Jfc491vr3AkBsKJZSE5EN1LMlpXioNrse464nnbj5nYCt1y8iJtaYVHfHT9x8ujbG\/T2N6ZekRm+ONP3O7xw3rubgw7ubQJF\/KHEiRVFPrbIwq5RI7VTRdfrd3b9Fc\/71kitl8ImBckYsh09FSa2nRQrqALNG43BNA+FPS+D4bALfGJGztFq32s2D2cWRj2vno7VjQQWYQsz+9R40cUHWMbbW0anf7aLopYHYwhAUnxfUJyLSGv\/hcuY1JoGSes4gPPm0w\/KvSPUfmH1XOcuJRdoXdElY5F\/m9je9IUq8euoPyf0PXU\/w6wn+q9PJNYNblwNWPVkVSF6bp87Ycrz+bZvhmrk3ipYYu58\/qf3ItMXsHiYNDHVbyhTOrrT84X2uXkA5ajgilxkHZCWJdDIvRFwT++59P5vI4krRFU0SPX1eygQdMslXLsxvfqQATVp3sK76bt8qHa8rMRVLCfPA3UPe8Z9q\/JNBVvEPCwFBWQICqqCApD7kqMSclaEy89K83LVugXlNfNOargw6YlUR36QNrsco2xSkkpbYZSag+guZDt8NaBOAQqx6Dtx5yS9ZeM2TaZ4Tva3cH5WwTw3nwMfyBrZkmKclliFlyL+l3\/Ft\/1cAhtU5U7a4LgYVbdqsQxRVbeUPAwUZ68y2BGyj5Xg8Mtci4mPsgh+bnyNL5K5y9jSltRS79PDJA87B7hqXTRUrELkxjFWaMPAzghsENt\/UjelVjAgSWUxzpqxPV+2hED3HVp9LJOBmZIcSEVN1eWHazkX+mtW2m+0GAsZaxamutLzgJh\/DRJa7Jw23fjV9PCXnj9MWSdJstPENtBI0OVh7PH0+uAGt1zxMdGzUgBU2QlNOO7S4UuYD0Y26DtfRFNsa3yyMMJMA4d1B+99D0rLBp+YTr6CIQlSGW7\/MY0mGzKXnXLKEBMjIoE76aJQADNrOQ1pUsHUbMNYSxpurIgJZbgBG3OALLoptMECW3PsCTpgXkQ2OmVE11D882PmbdA0f4acC7LQATIGoxF7ZIVK6E9Vi5\/LR0AueJFdtzLq+oc1+GpS8l4A7KvQzJjHl8BFVtlJFp5Ft91g8c86AHAIukg5AmfSwO3K4Rq0SXUs8KcP29aiI1bA7\/K0iAEMbAiDcRNwXEEo+uNEfshUZQDIyZoBHdLzMTL\/2s9ouLF90mtZTkbub4ko0oHCp0UBuhgnfDbrA69yTnP91yV8UR8xswBSaiV12vmMHeXGGKIJ6dQbgPNn5OzZbyefQz5\/sH6dHxYbcGGfd+8wSxfEi7DokbKnmTmetH85RkCusy06sJkhFgf9bhlEmk63Cet5cz7Z7ea9PrtiS\/xOPZoAmLR8AcrBNB\/tHpNVlFcTM+gO6pHXXYSwt1o+rdQxZT4lFn7kVxmARBzEGQB8TIogOkRi0YtdMrX\/cAGbQWx0wllwfDL\/JIISbxKwUN
TT45zepGk3OVcnv0694KsAM6Pujlm7XvrZ+hcDAwB\/JlZfTL2CfKHweE8ivDA\/8Dj4s9MhpgBrmwa3P4sMMqXQFKgI6jQB7iGhbQGftnSVKI+QCxWleTjngiVWQbRq4xwswRPPuCr\/EteohSIpdjvjIjT4EQlykWjN3TxUSVyvVSA8Rp0nUkHXzRzNgRwt1EKIchjIYekan95L5wPtZxcDAwA1P8zjtyfqh9OaAN1qf+msLEHbyvTYhKC4e6LNeICCaSA3aHIsCQ1pZdcK52vQiTVTlBfFsLw="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"midstream":1,"thread_ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946739304432,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":352,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":352,"pkt_l4_len":318,"thread_ts_msec":946739304432,"pkt":"REREREREZmZmZmZmCABFAAFSUVZAAL0GFwkKAAABuV\/aKsW2AbtqjRCaK20m8FAYAfZViwAAFgMBASUBAAEhAwPqrEqAFBwbSYnmd5FQ4vhXWCXQOM7WSA+ydz5Uq2T7jCDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACyAAAAIQAfAAAcZG5zLmRpZ2l0YWxlLWdlc2VsbHNjaGFmdC5jaAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDBZSA439npt9wjB\/Qij4hgUYqoHU3i8\/GsiDYDjRoMEQ=="}
00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"midstream":1,"thread_ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":946739304474,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739304474,"pkt":"ZmZmZmZmRERERERECABFAAuA8Y9AADUG9KG5X9oqCgAAAQG7xbYrbSbwao0RxFAQAfVfuQAAFgMDAHoCAAB2AwMcSuw\/xeEh9B9zohSBYXmLCSdYelc0PZguMzAQLdc5lyDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25xMCAAAuACsAAgMEADMAJAAdACA9LiT1RQf61DUAcNgmrd9PJwh2JRIEeJ2AayVwYZe0VRQDAwABARcDAwAkpkFL6pYrY48v\/7oiAzlOAXfNYnXJT5\/VQ9ye3Jhdgfb\/qFcIFwMDDINDI+OvHUF+FRNUcqHGAtixa5OM3ESWY04brG7N5Xjztm8RaH\/MawsGpkLkwKimhVGQ6ciJhhX175QbHhfhLL45mnkevxxrQGot9ty+fzwVg7GUUCbrsUr32l6TD4OY9EXQQSyuoBvDePneEphgFWs2uB\/zEFQxJzZvf194T3VRrMXZftbpf\/YmEhwWBzhFxCXz7FBI47mE4BFAjuyUMEWUzwiwE55sybcBJQIrcz91caVnRcYmA1Wi1qK5uHVbVaqkF1jIcRZS6+N+xmFq9MBtbs1TttpF6z36PG19i1g1CIx8xl4wpaYvqDA7QOoSL5x3PMqBtb0k4c3Q\/zEwDdawR+TYy7hNCaHkQ1sAWum3cmhRVUAXu9xkbB0O3nyNloM3\/1BpKJAhKkuU\/V2kkZGB6Ql\/kS7sAxcWh603OAJFGoXqcwc2spjFNCK4ea9Hs8PmACV\/UTaJ7lrlVw2HKBfFrLZE4S2HECqocWhjyVs89\/VZtJDOJu7pXlvP6vYnAZ+sKU9FZHgQ29hFtZTpOUnFJKyIZ7qR3IrvVPATpVytUzMEEVKArnVXT6TYqqci\/q+Ob0fbpe70cziyO7QaX7DT+VhBEhzijRbBVrFLadSpyh0XwKqeuShTd5lBEg4jq+0xz6QU3AR+JKO5yFNIu3wqn66JM48D8VfHh\/P6zoK25bt+h0uyMx2Tdvz0o8sXcXOlNbkjxJTj+b3L48sroz1OixQLEwkGWR0YALDiDYZDaGEdLMJeKpDENsvWGjQzbcLGtxojF3IPZE5plenMHHam99lQcz7tOMhTuD0tu9K1ubLwoOk+K9ZSx+jQ\/y8OgEHvmzPhQqCD3uYFzKXprY15BXYSgVl4JkFtCc53KhrIqQpwfu8AGb8d7NaM+YwOO8C5+0rvVtZQVjay20f9c8RH+m7E+z6+gghCL2zO42Qf0EGAmfsmAKXMp6WNxCrd7mkU+MupYWwFGBmLvHH3Vl5XVJZL0bTZyhceC5c2NC8KJ3G3fmI41pUyCIqBiCF4naOVVb20hz4J7t7d4+3vNMlh9pkutkDtBUG\/sopbYKTD6kxhRU0nbMYNcJYsotavdtxk+5ricax8dlXTEQUyVGuU7VzQro6ZTS2J\/N+Dqw0JjCzhzZM4Iy+Zigsyz452Mxwn4H+POZW9AEa8UJIqsMXNYUOgxqdRZORU8gjSaaYtyhn4ZgPLYzJWev+UYEVbkQQlIs0qMsnDALKCKs\/vPLbMaZzLaWAeXOQBcQn6dRdSl1OHdjVYou9K0wNLFmi5
7+vod9Ufwp9xSCvh3ThgMiLBs9ntZ+DKnnpNK7K++8wDuLBmnbcYEnUZrZqGa8EXM5oLFPSizN87UN+K45Q\/S\/mtl3uxWe3MQN2DDd0vZIT\/pM6xA4vmgKQKhOGh1G\/LsJ4bGVvyfPbVWvvPsPMrkNeqwnVRFRE+JcuPLjNn3DyJRPv6SImnNR3F3p3NDu+U\/bZYbpfAqdtebmwkI6E92\/4EaRwnMS8jUU+nm4J3KxRiQRAHf2ic3MpHIJFU1alZ3UsqHJ6ixFmoZGKJNMub9RVwhhoMDob7lsWG2+BH4aWefcCL1wBXs4NIWJsY2Ws638ztVCok6ObVcpsMJe2l2ribLtt6uLyB1eEKfooGXoxgtbiHn8UI8BDgLRXpCnA7qK7wNCPv\/hXV\/5qObuA7HW\/C2qkSIpV\/R39i9wwVQ1ug1QIQz\/Ivm\/r6WLd0npdZrGVu5GBOJgUSRjnZQS5nqzdQ7xc5efsR5ICHi2XulsD+Zl3WQXVxYViEQMZNQRJCVpPIcx8YSgUINm5M6giDWQvYaHGMiifN+4pLOGo7UDtXSoYcIPou4kTo7mt5yFzAggk8EG0TmExkKN5uy8guvzoGiu3UmP1ayFSZA5TF4Hxgcg+2NpMUwTAvYDD0pW884S8fOW9HXDNECKzwG\/oVVn5NMUQqNCBUKpIkrq4caPrR60LP1G1fKKVz2Mf14oxUS6BYWLwcRFuY6LigPfz3Ch2bE\/jL+itDz+psExENk+g1PfaK4go+YhsmYCnhhZtTocVAIm+qVANsaIE47+Mr\/3qaOf1rseYxdMsxv04vxWH70UAraH7Y4AGe1DhKm55YgPg2VNLv+h443L3JtfuQRH1c2k3TEXhdwCAcDQH9W699eTwV8ntiQTxjZssTXuxQRFgjLr00HeNPNF7n2H9VgT8LsXQAt4\/i29eoQanjq3bUca84pwERHpxJCf8pS1a1KaFzMXvwUcJQOHW0Q\/N1pQGzvCpgH08Dx9GmHQ9KyzJ\/25WSu25QUZfal6F7L79g8iREwvmDUfy2lEv7mGnvWdhk02quVGsRpK9JEZQWo1rmsoDlNw4F7rXwD7R+U4RUfRyKkcbXPHiTg6YeMzcydsycniM9RaMjPPob9n1bk26ufx+9SlvlwwzqBTbOelsik5jIa525vbi5OIQxSrn0plookRa9xUJNwJ0omdn9j\/AW9IsSa86jM4scUrSMFbeKS4NfQDG9J4VYxzdoR7UNco77sa40\/zPWSa52BjRajNWVVhLj2o4JJQ1TdUu1\/Y89xmSzFKfGWeLSDj5A40mFHXGu4ywpzLC8Nndnau8G5aFKzcr\/e\/FYXUsoYZybTLRRgFBh9CldD2TTFeVueuq98o4ZVu+q1YYgsJKBwBBdV7ZQvj9\/cuG60fpzaNEiWJubkXSKKJvv74KXiPSXeDhQYLSS52OcrIzafNPniFrdcohvXMGEBoTJqcVbFo3+5iC13wm4mlmo+quy\/l2iSqCs4wxDhhSbLnO3Mj4Jo+xpM+BWcGCqCQkZM3XVKq9YiLnmUpBqToMdPk8pxszpPKZj1LhkprcBdvtCOBdOnwV08YRjPbT04P1DuRJXM7LDfWyxwk\/Is8GGMA1w6+\/RlaDUJ4QA8kKf62dGdodCfjoiQVkcxdXgak+xv+ho1izHEaG3Cxi3\/0JNNkwi2GYgruxc5fmKOdC4sqtkxC8j7I10mTh3+xdhudUBx0Sfr8yXq66S2KI88KrN3whtG4+sfGtAkvxG1DDMgti4zkfemFnlOATAqP5VRZM6U99yi4VhRBfczJTw1gBFetM1BkbvErs0YQl2nnzhNtTGtufXl2uHH4oKan\/xnak8wRRzvD04JQK431fn3TEvjjqMfQgcgW2JNC7Jyw7AYjY5nB5jUcAvogHpO11F1M9vRMop+cLQefP6yxy73IHNujTUtW4L99fDdjHVHLSrb7JdVLoGFBt3fFHLJFZwGyi
73KaVuA8iLogqAdT6WIlJVQpMEOX0IGn7EhGzmKBzxPYnYlqqEBMEmrbIy10AsTQseVjaAzuWns\/HCPxtq5uB5ayh6r0SQlamctp8CNeSGkejLyD9InFUv\/cN6jEeAPw9ln90Uo+NcJcsUJLeRD+0uBhQVWKlzlgFrsdNHfyZgldWogT0yc5biAQ0YsfjTotPSED4mJ044\/CPZYxO\/WG1WatWJcgbBPZpTJOczqp0KaqRJnQpbibu0vaCcUf\/KqPXTh9mQWbhQvkie6BJSQGOWuxP4jMOKd9ZpnBr0kUhcDeMAPaBISZnWKXpcStlkCGJnAAKL5CAgF\/30XUkXB1LxIrTS74Ar8WfurKCvwBWG\/WZugVENhYI47kxJo12a6YH"}
00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304432,"flow_last_seen":946739304474,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3202,"flow_avg_l4_payload_len":1601,"midstream":1,"thread_ts_msec":946739304474,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304432,"flow_last_seen":946739304474,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3202,"midstream":1,"thread_ts_msec":946739304474,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":946739304474,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":892,"pkt_l4_len":858,"thread_ts_msec":946739304474,"pkt":"ZmZmZmZmRERERERECABFAANu8ZFAADUG\/LG5X9oqCgAAAQG7xbYrbTJIao0RxFAYAfWPbQAAW0wo1H0j139pBXgBmTX+NlnQSaFEq5K3Pk3KVeGnXpOOLq4X08kQBuG8lGioiVe9QPOeM1XWvGxPlasRKFYrXBH86PGVaXAalDOEWJlV3PHRUUevw5fI6G+9XzuHkGZKTzPpIIOZ3iAzfHnVG3aTpqTBf7xHcc9kM1a8UHbmE4vJrXG9wa2HwWF2bcpsRjUYBUQxiid3MXG7FbSTEXHjqgO4LQdR6Xrrbq+Co3CdY49hyuqnRUiglv3ZkZvp\/BcnFskV9iJiOLBUK+jpAhnIdIbviFi78T5PQD4Tbyt8STzKJ4\/mkCRReunmywmmxKyYx8ErZcAkoKDR9IOJ3LCf8I8uzSUCcTKeSSnHS6ASYLDpWersQuLDgg3Is5Hb+2kMH37wQnKetidHgJqxmhLBaw+NX16ETkRc5vqPLeAmNQjzUjFZW029RGYPrEM\/M2aIcKp372plYpuhFsySXWIydCD9tqNCwZyquQ9nS3XV\/M4rQP8eJtxF8c+LbyHgf4cpoHUgBE4Qg\/rQ8QPjUfA1pwRPb\/2owpEEJi4RutXWP+JydB0D0ebOUJIyGUMSTIpJcFH2AKhLGUYE6NfckNeCzln4nEp2+qOXsbfMejtOZFyyhHVzHpRSbGA51CkajxcDAwEZGvKJBQnU\/r0Z9hIPhFlH3EC+7xZqS+s7+uQ2E96CDW5iU++SeFvwmMtUyG5rZZUMcBGpLzGamrlpIcWB85XVCU4gt4ssg9\/BdLmFwKiGqbmqVBGWt\/8gKtXdyHqS9eDrvNFNLvTrsxnC0XEzuTedB4Vu4WIaC7MUadYnyNgpkYSxjxFL6J71Xhm+92aoteroJN4zzFxDDd8rAkDnu1z+ZiBNnpB\/Gl8e1OMkCP6vsWHqZoCX9H9vn8tgHDIFyxXWqZDdxctsoUH7QrryxeYlvn1njblpv3w6tKj8ghJZAtQ3ko6UuvntUQvQpT48C+AbzDC+CMGpscAjbO2LKlP9fB1a9O37Dse31zOmm1FlQiiQCvlL1EpsgdEXAwMARSV8NSHQ2Cma7zLl9Np9i8ttiytzR2iGli71aKFmLcmNdXIXIfvH2D8Tx5IjanqSAuAMgykIOqh1u3rHE4swCwSQXoiMxQ=="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946739304846,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_msec":946739304846,"pkt":"REREREREZmZmZmZmCABFAAFKCqJAAL0GKn8KAAABM56TMtqaAbsV\/EiYhf03fVAYAfaIyQAAFgMBAR0BAAEZAwMDM0zFcZBVaq8jarHhMnn706tDCSlU6qIcSdmbVQbksCDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUcmVzb2x2ZXItZXUubGVsdXguZmkABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgp73dM21LptFd0ThW7be4\/uwlUqgVJQtqqMQYrFbmEGQ="}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00915{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":946739304885,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3185,"pkt_l4_len":3151,"thread_ts_msec":946739304885,"pkt":"ZmZmZmZmRERERERECABFAAxjgA1AADcGL\/sznpMyCgAAAQG72pqF\/Td9FfxJulAYAfWT4gAAFgMDAHoCAAB2AwOQkeJmPgfI+2\/Nb2YFPwnrh6xqnBenx5u8q1ZnyWqFbyDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76BMBAAAuACsAAgMEADMAJAAdACAildRAk\/Ii9q568Shy0jK1lY4Sb1nfErCeFDdP5ao6KBQDAwABARcDAwAkQtxzjO6Y1fKC\/+pxVLm\/ix+V3OPJ68RUn+6KLdAjN0rm7jqVFwMDCjCAB4dDMRsvk08LXpiehq\/g9vbt8WAZZyX0IwUW7zm2s2JxksqGXN7MA4aQXMsXbea79jo4WvO3p6dz8ckR6\/GSVEFX2o1gGE3SmFE8bI1yIk7FWs3aYgxYwqLKQEvbN1ogdjJ6GVf+z5kiMwtt12G5tdTf7rSfZ3NH6Yk4oM8Elpl9VtGpp2o0FPfY8QB0bMd4GPEVRd4k3sqTgevSs5A\/CC4vXXDNw8uBoNAhPcBJ041jkXgJVSYm9QwFsJI4LdQTSOvpWGu8g3Q7\/FqYiPFofKEmMJ\/qdjv4rC472QK9MBOUQREh1M+X1zwZya0Ac0YwCKyp0B6QV8x8ZfPc4YWcPVw\/CzcsYjigSbp5JV0L4gyAue9Gh6S3YYS9bSWcQ6OYfhcUgIVrottiHisZ3rFZLnhHY2SXkUzy2eOnD3Qi87\/nZ2OjGdHVYvM8Yu4DBGax+k0RD3dyn9+WKeU6QKdkf0bt\/mxpZ+gCW+joqGHWhH8T8mliVYu97Vp1QkdwgpRB7hXYN0Y6CGFsBPw4pzAHjVBFBgDGgx3FLp+jHtYGS4QJXS1JHRsP\/ek1Bjr6PmHXQaaRrJ7LWjgQKI7Gha0EZqsq38SOF+eicMwDFpzc3B+5eNIjmjJW4NSel0FytKTt9ojc0NWkn0EYaG0EgY6+6x2nvzg5YX9tM13wZT\/oz2Ot9pPHCaabuHca2dbfesbpNetZkot4ox97XYVrqgngmst1PfSQmtM98M5ptnPmd\/sO4Q2zmY5zCyE4gqZJ\/jBMttfXco2\/5avcH7mX5ejSI27aNnLJexzSKXQ+JaOKITzvIhr9MApYef8a6mxmBG7KvaOHtWpBt2xvsdwkyGKaTSFivERAQJ3qVVpBnDVBNegKy8yEp45YgbraKILphly37eCzmeR8+BDQHM0\/olAhROBUZh\/RONZXvUkl5SKTRjHC2xvJNaeZYZ+hmdzytY6JxtjOWIkXJWGOQ1NLnp8ApIWyE\/uNNjzCwSksu7oipiMjp9\/TYKv3dTCD+5Ol7BQVVV99RWf0LzZ8iQzJsQx4OWgFzyT+Rx7ZVNnTGOrqRbAycjVipQHP7zlio12QWc9UNzJCxesOye7ivdDzyOxpzywnD3v8hSp\/9zPmf\/3ENHJgy8O34UUO06MOahgiokayYgWdjmVbemjxT1TryYu0gDna\/E6EV3qm9EmJk3uwiz6F8MD8T978R+EclF8jScCvS+0rc0myMoeeGSKvHZ59\/bY\/8uMlpK\/glxn4tf2FrEjMiwTYfD\
/iCofxemvMkvC\/JJfgLtIuT4eRwYnzHY6tx9RKYdE3USzn4\/mm5qo5iJNIvjNV0kDlflg2at\/H0LoUPuAQDzKEIijJENcZ6pth1tAfPuzZbqzQybao7+N7tXszvfJs6XQ8U0IN8EKUruqqe63LmjAuODDmoGi5l1XKUHloz2N6Z0c6GOIMVwe3VD3oKEzis5\/IqukPTBIlPi3wM9hPvIjDsgqHeQuZwd0P2uGkmxxX+CQ\/eHLZcMkC6yXGIsoms\/DqqMmKImF+\/kg3KVbsOWynlp+qs+GRnuEe5Gwcck3bNanvNfRO2hnDlR3xxWpDeCDtY554dnKSdrEsmz56E3HZY7CS4xffa2qaRU9o8FE6oWceQ2YomJuE\/bMT3knxqniPrzl1K3GkigMh9J1i47zylUFJIasxWeeT4rnsrPdwO5pPpDZPDAhZZKqamf0Xxf7UyzOur5bQ0RGdSbDmjCGZUxwrcQgCzOocJ07C3y9f5\/cPHLy4Hcpi9nKHy5+zMgLxDuHh45d7g5aX2opBYeDFdZVkS35fhN\/VA5YDY3hjQkRRPMbthZpOOEiiUTiyQGuttf7SmNH1qqd0+P4R98lk6wmtu\/RYPzzoAOrY33Oweyfv45FrUJjxFb3dkB2JJBL+a3b7QXiEHk+jfi2DFJC8R1nDmEiD7lG0zp+GgCp2hMKrzTinc3jq7XrvSXgjRArW5vMll4UVtkgCZOG8JOPCJ+1InS6ZkzsHBlVE1ulhcQ6O07QOIetMX\/TQcpOws1Y3zI6xlDo7QN9RXjghTw1OQy\/e7csIpoqCDP+zQIn4uVNd9knXoZalNv0Vl+aMYpSUZU7SqXuPd5TrgUjyDCp5uSeJ7PvFxTrvq2m\/J4PCA00dz61blph4TnR5jqkjnWkPCWysgjmFP6jSXDVhi7OEYKJ3O5rj9s1KlWrTAKqEQ1WqkKpYs5zhjZX8C2jJXc7kR7CLzfiUXF\/NgCKD1oPTUZ3B8\/5yhnRignY4ZXMdGmmpuO\/YtIw9z3hTG2mvGzyDH+lTissPE7qvJQZpSJa3YSyfqgptZgRRY3rqQwM1Uan0WZB\/VyeZi71E8HGjmCdytjr1tbuT47siLcnpw\/tnXbVcW0DRQa0UluCuUeRWsFfgTuUhjuWHPeilVqW8TKVGxmd00ikgPoQa60hulHvmRZ5KO6vzi71RXX6dL\/wcA9t7hqc08oZMCG7pFOGbkwZ0H2Ou1cGKyFuTh2P28nKV1VsXeJy03j0rMepvwRePH7BjQM109D5zTvZ+x9U7LeeU5p\/97XLGVSvHyU6QoAkvI7FvvpHkTyoqhk2wuau1Ks3W6ziSuG5ItHrlZeoz2vdhzoVB+PdecdxLzV339b9A3nHa+rng\/3RfrU7m\/xV1uGOltE\/q6T8zbMwllfgMWQHWJtalokkS691O3vXWaxSb0GH3Eukn2GTLqT7xyn8hsg3I5F5pOCMspm6GHKCedNXQt\/rOrbG+70oNkLEiqOTucHrzdm7u3q9vZm5H7InHwwhmYB9o+wmMx9CpSsan17Eu6kQzONsC+k776iKm10F9TFCFRzcFvoSkJVRCogWUna5X6unZPh90yhZj+joK9OmDYl3uGf3cxeeYhuWr7BFipgMV88P5BfhbMuQJTiRkmE2tdVLKXiJJMT3RIuLttxViwKIZxqrsBPVZWuFgeoB\/tNKx1MPoFMSkd6Ady\/JPiKCd\/Lo+LSa+EGciXu3JhsD37LOO\/iaE1hxwYGWesFtcRBD82I4gt\/VZ4IZMSaNKHgm65E6lCcq41BJ\/gbuCDCFJ47l5UE8QhYSOHmp5J9j5vA1FjZFm5Iv6VRZaegnWKKRCmp+e5pBYWdf4T92iFA3wkmAojnbzcZPXM1FL7vahyaLx6fEfTzbYntPyfIJ2l5KJE855FQl1WRsib7X80Yvtknk5W4cHEv1yr1kjUU2CGJ8WMhJhi5rps9ncDKvd4PP0dTr
H0ia8H78o1K4OYwHp0nPI0tpDBJqSO906qPhy7pON78NLR8NLi7ebyinTbjqYrIeAPW0BcPQXfo+ePTRQEGlW7G5LCAYlQCvO5j\/LMgF9c3iJwt3nUbOE+eqHvK0\/PHJmQK+ijLfXFLdBd6NBQSn3sHF\/qzgQRE5VwfSRmK55bFmg0PCiTnhGTWzfK0OvOvyyAAiwvXCaBV+gFnzKnwwQ+4ebBmLMgQpqYGGOrzwhV7P+RvbAFwMDARmYqpARsWX06T7\/aIqUa3gqpszdt6QdkNXpjrjP\/CtX9C+2AHbAmlDaq+eynMum8sDVzFoKFvQfGpt91s0+c4BcfaWSQDicP6abNOaMq+Hp75lMfIATEOyO9cUpGtsxdjbO98fR3ligfvynTicYTBBKOabjGzsvGqpIQNsc6yP7ec1DM5IvytEF3WMD\/BSWfSyCMBkPc77J1iCDteQqYtaAe0whPDVMG6GGDORujY8TM3L19IZL3YvYjw7AjSCmeKp+dThVSFL7D\/ks2Bt12v6Pc4J\/bL1kxAzO4vYx1vazs5rxcAfFBrI00UuE4UKrW1AuFrQrWAmy8gFVgJ7l+nCzCeDoyrV14OgMNuqUXIpirZiejq2fhnoXshcDAwA1MiDkD+m6EfUtBdx\/Pyl0ehgKaB76+ayZoBt6uEP7tnUDn+hUUsmcN7NZ1IZhFxhyx2uKd6w="}
00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304846,"flow_last_seen":946739304885,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":3421,"flow_avg_l4_payload_len":1710,"midstream":1,"thread_ts_msec":946739304885,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00956{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304846,"flow_last_seen":946739304885,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":3421,"midstream":1,"thread_ts_msec":946739304885,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":946739304887,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739304887,"pkt":"REREREREZmZmZmZmCABFAABoCqRAAL0GK18KAAABM56TMtqaAbsV\/Em6hf1DuFAYAfWH5wAAFAMDAAEBFwMDADVGrMk33Jx9u4V9oT8gk9T3N9siooKVMszOs96zlvjMst5cKF\/6mDE\/X3tfb1uyKq+NLUpVEQ=="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946739305016,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739305016,"pkt":"REREREREZmZmZmZmCABFAAFIJYRAAL0Ggi8KAAABuf2aQugMAbv\/W2fgE34PaFAYAfYWNwAAFgMBARsBAAEXAwO7rF9fivBYq0PPnnVftpI5xv63Wth8iDXYIbCI66xBbCCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zZXMuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIHdlaU8VTQtoxOo631cPtMLo1fhD\/NP8\/WHh2FCfWmp6"}
00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":946739305061,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739305061,"pkt":"ZmZmZmZmRERERERECABFAAuA+UlAADkGKDK5\/ZpCCgAAAQG76AwTfg9o\/1tpAFAQAIMgbwAAFgMDAHoCAAB2AwNWoPreEkJ\/UPiZCRV0IEx6jRSqugqY3M+B37V87ydZxyCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jBMBAAAuADMAJAAdACB0RVn8jGqUM9fyfUTkTuhvHxWfPva1vJ9a18\/+TyUNbgArAAIDBBQDAwABARcDAwteuwCVRbAjw9pKtY4dNJzB+NkDPzUPU\/YSrAhwNpHIEK5V+o2\/HqZHUFxtVJbEBPgURU0pRFWa9dL9lQp8LuDwWHwDq1H1B4wIu6Cjn5BK872nUeQltRw5+FbrO5MDeZZJRgg48HKHnsK1mBHQnXLVwFvBE\/e\/UwSrANn9vg+B6zkss+nwjnEuw1XfKHcjr3B+gq7Tt\/pkx\/SEVt9DDhoVQjkT+nj8Ch6uFvKMxBfoNlGXQAfQ76Cfus9zBAZT5EY1YHp8kypEbWJsqWobkhk3j7efutg\/+7i\/\/3hwY3S4DA+PZFxsrSsM6AIVwaJ95fOH1dRdOyCRxbfVQ1s5uNDJcA7OdsaNR8VQ06UA5uK3FnFY9IaeCSIuzswKtKKP\/cTlEabfxoFlZbInteiv8UhvUx14oYH8877iKbTHauga0SrPYwJ3hDQ38FuPBJ16hIcickFsAxoIxHcrJTcDxD31\/+27P70ucqJUKNnKmwnMS5iCjU275dZeWQ9Zr0T4s7GAOpJ\/qhuQ0adCzilfe+zxessB1BHzKqNpomqUeAJU6wiiIZGwIQCSR9TnB+R6Furn+4OgUG6PGNdXCZNQ9itsUGoaOah9Fd+b\/mJSMoK\/FuhgIcCIxvGAml0OlSPbxxyIuGAWgYtRBimB3o6JaqY5BlDiRDxZX24w4nNBhNEgZ23H2qCY1hFOw\/NxAIqZ6i1OczcdQK5je4mFGQnk7n2Dd0xCvT\/QbVT+DGwohNzMpmrD81sKP2YRMryNcEXaCYgEk0oi4bjQNtHjwEi3WiSTxdHtROjzPbx1MuktYL6gASggOg1Ub+v8yVRI6bLdeV5Xwvz5ZxoF9vdrBEyvVBdMauaRYoyVnXm15LfrTPUCeXkHS1kWpj909RBaupD8tKI35AMNBM63GiCNIPCKacZOle5IpXYl1uAfPyEf7I7c\/Z2VAGWif0f1eRsudqghQ1VDSbMFMSOUlZF8oqR69Dp+GUrZSkzXH\/vlToVdum7PDCHkza\/W9cBDPI5wtxaPFdq19aD9CF4UXzcnY86h4hX1BAKMl5ymvY9oQmQKwLyZZk7gJ3BG3QSRRkEJLHmElRTA\/j6+UD2DUirljLXPFbrXC2eKn2CCwq3Zuv5P5wO5+t0UU\/yghFoQluNjQ3lfw4zQuwuXqm940OzzyqoEcUuHVR8IXnZ8TZqE90q8rCtGIOP+LD4hWpqBqHuwk66vMcJQgwNCFXix5ZnSXLN0BgV30sQI8N\/4QNcrVg18QrqrwMX5353ArFRERLIaGuZFxOud2tKJXNi7\/8bnQL4pfggVMDHzys0Vv2kSkmMM9AH5fy6is
33XJQsCiLeVAW2BJv0HWG\/2v54ftufeuJKqjAweFaFpf8nOnSzUujidt2Hj6vD7NzSy9u5bVuAiVU8CLsOjLUQDZZwuXq5KPOpcqPkwUfO\/JhY2IYSty68WbtoEQ\/LicI5G0k7qhGVYDDLZjTT029eOEYuXI7f+lB6Kb+6SLaMGDm8r9Mw7ebinM16XyWOwJ5JBUayf+vtez432JNrnbq1SGS5rLH5Fg5ZMgKUFbGPULmfIDV2jwsa5no0weJKoBPHSF0j2z2Ws3ZeYohMSNwPof+eIkWPeDsS0odMH3bOI8vjnmbAlt1LEuTlP9Bgfbe4EZBkTArblnr1PduSYp9HHqPcDcdegoFu3tk12XJWCeAczLwMdcKTivhfzRMPv6R\/QbwvNULNcqw3kjep\/lhPa8MK5fd2CGyIw+LCWxGXv+q\/ds\/TSYSN0doo9wcXYWwj8LntYcpK6i8bE1mnU9HhfDXOdgKZheyUxq\/2aHTotcU7hlwJGxzG1S8L2XOL+e5cK\/uWYrHMSCsilBLjzbaE58\/UhgQTo4G7REl65txB7jkxytOXC2V8igiA\/VVPL1iSyOqszjZhZj\/KQ7cRXbuiY2hUvh3d1GHeunUPxkjVr7SBFLwo5npluN5uAfc+7Lx2v8sh\/0AXjRBQzrzXUGOKzmSDk4EsluiAOjG78HzOAmharQORiNXCoRaRa+fhf0Ejafe7HoDuKqj5ukCKAbsCU6se\/uViDv0Ko0frloNjTZWVHeFLAU\/8Rxbf5R8lMV480rpPEWmLytLklZol4xviBgu3uvWIUzW30atpHjpq+x1y1B4ZeqEOMO83R7O6ddmc3f06vtoo06tW\/Agu9h766pQvpNm2vTYudTnd6DSqBlKI5KeonXz4AxZiEG5DKNiVkur+pxwlM3ugAjT44z5C6NIq2xLtYBKvjI4ZiVK+oThODcy5mgGaurXo21aX3cTizFa3bH6OPqttL9gjP05Bka27HY2jgRwKVSbziiMro9AX8Xsmg6S2yWOPjJLfqZCcbtLmpaNGvdFtOkH77j4F52qkt+me41p1UftUvN6wiwxxp99NI0\/fMosQgl7ighWoY2W\/IB0fXHatEvBsmPr1KEj7P+aJaj7oNVmyRVuFHPwaBwwi7T8Vvj9wG3gSDuuYdP5+UFDM+35GxMSRkihqY1Nf52lvDc2vDx7TdolcUJnmrezHB7iOplwsA\/pnoSxDqDzY8u2hWCRC+c4jg1z3vL2zvzGplrkFak387ZT7iXl569hRQY0g6W72J\/qU\/wWvKrh5aic7Fca9+09fN8mKvizdcBFS1tmo5ud9hSP5IApLh\/AqNGAsSvFB77AMVMPcqCZqs\/LzhQ6p8mk1Ztud+POMwqvs7eCTrsyIwvCFHr3MjxRECobkoOUnKuDn6O2Ba4MeFaOtHE1XjJdkhICNgy76FwlNk7qa2miONerIZrFWrQmU2yx1Al5ihAv+BSYo7OLYt9zXUcCSntdFwaG5iWvn2D3TqvQcyGsX7n8R8YOUmBL+xEDz8\/cHI76eHoMT9Gcmgev3Cz2de\/7ilgKsoMsC9dl+Ldtg+QDnuzeji5lROtOH+fv+MRICCWa3t+oaVa2XgjAhIywmeaAGP7+W10HhLqbtIimjrrdbxpeltnnJv0HxLov9cXj+b0Pm2tBSSGlhGmiCqLRib5vepRDq5ASTdoFYCIMH422KVZztJ1b63ltyCjG5NtOVaK\/MkO7\/KWS1XPbQXAVUScApoXkKlzQiVxTCMZQoZIoE4pH0+fjzQcElC405f+pmLRfF1iVpdbRwPdWdjvokVy8bVGY3GGXVtgS7DasELvMxZruoBcMEH12JcU31nt00epqRaM7Ty\/hGPJ9RgbFIN6nscoLHLm6YFkdOMqn+3D0CMvB4x652Bu8PF5m7DHJMIBJSoh\/WEUOZDxlHi5CT9KYRNTMZDhIkJj++9o8TtwBf\/+FOKgQZYlLc
9emRrICiIhqz7dIu9M1nNq8igrwodBBqfV3IJasHHoy\/F57WNpO6ufh54oPFaVKYJn1bg656yNokeiXMSkMhJsmjb0+SAmQ0rTBRRWtbjoeZCc3gkigutNXY3WNHxKSc5xsJ9iyr3gTZdRpWgWbT+isP5Ovqam4GzSglt\/k+unyjMz4\/f8vVi\/7W288anM52u2gAT5Id3RGTrtEQDPQ8UVftSrylfoNAZTKGGhUJLAcmefkYZfUt\/EB+t1\/S5DOAvsgdK0URdbVybob0RmFJKIBsQ7DYRwD\/HgqXJ6uMDVUKO9XoO+9dwhRf11sqhooAzPCeXtVLggV615qXldaBtBjJ4Fa\/LAamnbZck+pr1D1RAPJP4HQwfBLL\/eWmzwOCA4y+tqnSn"}
00951{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305016,"flow_last_seen":946739305061,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739305061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305016,"flow_last_seen":946739305061,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"midstream":1,"thread_ts_msec":946739305061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":946739305063,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739305063,"pkt":"ZmZmZmZmRERERERECABFAAC4+UtAADkGMvi5\/ZpCCgAAAQG76AwTfhrA\/1tpAFAYAIPkeAAA4ov2OS2FYwHLyLK8HvldhjW58oZhz\/dEDG0qRvP07Xrr9KbrwFzXsPAENpwnRYTilEXtuGTXfjP8+51dqVC3h3Voz6vzPB2E1qN7598iQNHjvdaBjrZ71M3dNmhXs0fudaDBYxVH3HnrCgr\/VoLnr9AAImTV5ybiMJS9e3W0V7h9Z35p6EhyTXdDS8\/1x5Ew"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":946739305650,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739305650,"pkt":"REREREREZmZmZmZmCABFAAFBLvBAAL0Gw1EKAAABrGhdUJ\/qAbvjN2w6lQOuzlAYAfbLqAAAFgMBARQBAAEQAwPaSOnODEW\/53X3FLI0n+Mih\/iyk2Bze7sXLhS9N0ueoyDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALanAudGlhci5hcHAABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgYin8bJdqHx3ibHrbfDgwuFVcZV3PPNkWvp1zHo7\/2AM="}
00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":946739305852,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739305852,"pkt":"ZmZmZmZmRERERERECABFAAXUYr5AADcGEPGsaF1QCgAAAQG7n+qVA67O4zdtU1AQABbJOgAAFgMDAHoCAAB2AwMioc+jlzNc+VBJaZcDKojs21jGEKcSNKyg9ExllQqy+iDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hhMDAAAuACsAAgMEADMAJAAdACAdEExo5yrIKmMZ4nrOia6UHa7Zh09ZMNUZYLDF+NYxaxQDAwABARcDAwAkT\/VVW9e6tSXUn2DgdOFI1vJ9CWMqaG0B1UgAogfcRWwpZ74dFwMDDDNZ3TFhx2HRd\/d\/BnLRqx3w9gJyapE59ga0mk6Gbdpy2uhfU1raH\/kLDwO0PHahqFeiov5PtmafDzH5oAzRDBThfFaKNK986AJtqna7+\/+W9HqZppsUeMeFtSdutMbm9VkvNNWFsngalQ8\/TjlWYt\/LNabidW0R+diEYRXkVHectSDnGgpIKw7AqJmgGmRJSQFZmk8mMFHUip8Ns8L0Qm+4mFM3OyM2y8uotBFp52jwBE4JcdWTlWvX638UUEwGd0+Jev1b4UZvqaI8gBJQiwDYthQvx2cilE03gvQZUs1gLv40OT\/eDg1VwASYtXu1QKuaTXj67d3FvJUxTfjdc9Un1x\/xpNxQ9IvL0JgGMqp5Nvz4C+qRYd\/CysKeUwM5LkGikxDP3qZXZjcRDF3CvWl\/0RJAgB68oCh4lzQ6BTBYQsLIO+2npSdMMO1mcmGxOeyAtRoiglI\/Mu+7bxclTAdkFUgpS6V0wzwluZmFW7Rx4iiSeZWVmQDKjFeHStRAafyFrtH26wCU1ei1O7zDiCd\/St5EWtAfoATjugif\/dASmeS6peR\/N837DyefuOM7XNJbAUXXdVYFQbj88dVPYC1ZWfSpl1wPAKf87TREgv6h4ZkxzRnB6COvKSvUqklCC1SSMJfennS1L0Etglf8wZsulJYWIe6+sEiyvEkrN24bb021w2X\/KuVEn+j5dyEDiGG5loD+4VYwc9G5Wa+jxRUO0+A62CO2opPif7xWIxQXRSJ441bKp\/i7j7P+cl88sdZsTxv2ygPWKGEBO4XHbg95EUra3m5LdhfhQUM\/e\/n+Ak+LAL3mStir5xjEDf9+haA4s5VbKmTRNrJtFiUwt198TeBjvlKCejLbJO6d8gE6SQECz4iM7IcNa\/bXR7adNUuu8qhullq5WfyiHcztVpItdHmrHXbaCsGaPgIKVpIJp30oUBjXbdyBrklTyARetsx+L4hfDlDZiZOEujpickcQVHRV+Rq6dF5UrRJYU3XU\/ZcqBeRvNXpu9d46M\/bhnVClgq2Bd+aOiR2kaho07AGNJ9Fr4k5Jos+2Q6DGpQasXC6x+iPauGKBp59nwGXbOOKtd8ArTxOlVzQmOZH6I0tx+iKMplPSCHR8FFec2EwXBLm\/1vyI9Pwo+zYiVdHp09rRHeJXaKGgiynxtv128gHPWfts6k\/bUS8N1Dw2y1OWa2cDxVOv79IA65ALHyABrPQbEH+byQd5tzeWrWUmzmNi3p4jdd62IgsA8HkYmsZmy5jIyKyWEYlUo1SP
eqjIhX9VriaKoSoSKPFRDULdhc+03ZBXd6SKMHCSS7x6DpL0ufFkfc0ZfcGyz8s\/jngcscp5gmPQrY+VfOmrZe4EnOIAqkwdbS5Vejc5Yga2D4LRGGWgMYBm5SScqu5500ZCpE0WmkryZPm\/4OMJ47iDZWRTkVie5Ea9ONRDlM9tVglWZF\/oUiAJVVWh4mt0z6nVYUgTMbtTn0pDKN\/0TJikQ5gt3TXgtioj57ko+eiK8raQcuhqyXG3KA52lsLM2MmWuS6VxCjD2hxANDc3R7BZOaM4bmyza4JUsEms3Y5aNGYiFwaMTvyvPSX55q5QHTJ\/Mi827fNg4TtCrFRxN6XxJuU0RfIATOX3faQkD1YP1V51gStaTXEj1EBrNyqEnKqYk6Yxs2aBmn4CqaTQ7ru+2yyoapdX3D0JCzKb"}
00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305650,"flow_last_seen":946739305852,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1733,"flow_avg_l4_payload_len":866,"midstream":1,"thread_ts_msec":946739305852,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00953{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305650,"flow_last_seen":946739305852,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1733,"midstream":1,"thread_ts_msec":946739305852,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":946739305852,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2248,"pkt_l4_len":2214,"thread_ts_msec":946739305852,"pkt":"ZmZmZmZmRERERERECABFAAi6Yr9AADcGDgqsaF1QCgAAAQG7n+qVA7R64zdtU1AYABbTIQAA7khOXiRDmimON10SUW6EdkRNtideeCAmsCP9ufTAbxPBEESbRp6rJdX9WpgeGKEcs1FSJYqSgEbwbmVZ45a190xHBVgYJoheRrXwVU8\/AsBaHDXul428WYkRrLMS2d7ip3ZonDd7PZHF6J0j5\/wI70KV9AUCOBt\/Btv4kzO+Hj+j3yK5bLSbWlRhD1fuMQAb+cF537u0\/U3MsC4OMo+87usOrwz6eMrKL+s31DCb4z6f8eENi68oRi9OZYKpoRYjhFkw0unmspSreLKjulrpWluVXrk1btWPgYpUVnavuXquTK1NtVner355EoOvAf5CAN1Y8OcMXqML8XqYMeqEg34ZtCcYr+tnetE29K921LwsoIOkJdbaiCVLTv\/9X++VjLPLL4afBqrrwx2ZkXw2VSOvNSpMcVsFQ2sks0er7rCvo3vy970zXk8N2ZRM9DEPyk4S8i+C3Yw3j6efIbDNyRRGIb1TGn6z1LzsFfHkHQ\/coPiZhIhvnK6o5iGWcHYOGEPLh4XlmZt5EnCBavREWdcXDAq+Rj+biwLLNbp9Xm75T3bbWxLQivCzGfNO2oBB8jJz2Zicez5S7098raXjnFVLWws7S\/ZjTQ11gAbLNqyHJOm\/RerOFZpkbGJsCCKjsmgBFYujoZTifdvrnskuFGuKqjRU7sBnWY38jO4yTlznAvt2Cf2\/I4bnh5roD5\/h3R\/5c28EQTDGmOL2\/KspdGSS1bjToJBQbcS2YbFnjwR5yrS+5SOLXVmRcZDGU4Ke3DaCJifWpD1EVuVb2ilryPAD8yGt9JaIe3cT9jnaxoJojKtbQNqrLa4+HAzDJSTrT+I7IXNvzHDQ5HJdRQkyKEzhMuedfOGX3aae0qJMXEdgmL8U1YL9LUgqs4gaInFpYecyGYMFaC7RpVTbVJ8AclN3JFij4ikMLs8OvolwBsIUxkwvTd2kxXvS\/GtkZpTdB40Qwypq6\/slHam9c8zmzEZ9VsQqYPOs7EU3IWXPB\/7jwR\/Swoqx9IepHlyCi3ipHUa3krt79WKeMN9slFrvDSuGQo7cCX4PwLWqGq1s8n4xGAwbb4PADqo8FJSgQHdjNMolIHMWyuqk5nqOgc0W36SeHQOxctDFxw00aD7\/ZIjnA7m+97J5Qh0XWgw5Lpsc8Mvp+VBxyMQklBuDFOyN3HJKbg943DoSjIMucZn1tzh8KOxw0Xql8+gP0Tj\/ncw8jVi\/PzuMVXmWMiQX\/wdJfEzJkJUlcXDAAE2IesO7KR0oZhnwcsaVEwrsJruOKxYtv2pbkmhOIxpFm4wJGmE+2JRFXkQDnRtvWvAJoF\/v0k69TDViO86TF2AjLFejfwjQQnCJXVkS4fuCh3i1TYrS+lUkfVezPrjjWW3F2LEdQQXJZmRfoBHSJjBhCP+Dcoc3jONSa9PXKqNJSf7Vo6MbkHB0XBcD7sdIZ2\/wIgxkllAd1uSaGBwJI8\/jhtA8RENMPWOxsz00xpbl8rHi+OkSD\/7Q58nbh7qhfzlemdSms
TNYU4yTeEr2yQTmNZcolwert2uPuF9VK2g\/3nveH2piPFCpAJOd4Z5dmxFR4fRYAGlILa5aNYiyWSR3G947wAwiYaU7l0JrzUlByQFpex9hGDkjjcctCUn8127O6yoOswVES887ts\/gfsXkn4d0JROgJbDiWFnN7j7+sZKWDkghhJYjTBSDkBNASiM9XLxgQ\/DaEwEwxYA7HjPEO\/8BxDusP8aK8hEqBPa8c8eFHdAYT3Eu2hChRagjV1O7Z0Zuc1z25GaMGiFKl7kwOrHIqt7609HLDEc8DgoFPHHr7IZJAecPMzvqj2CVzFTWl+NcGQgu1OZDB7YN8IsYE0Hj2wxjJJ4M8ncKFSWkLxvPRwAg+0hpC\/tSOqvX1jgKKAZg82Jl+tqVLBoZ773\/7qHfr\/BAX6oJ0vKtNpEDEGeMy6jjr8KxmYOPhgJuUsXOSiQKReqTW0HLQJn9LpGUn4zKUgOBpUtJCVQOwstz8rJvV98lhrypc92o1bXoXeUIxGojGdQmZAgxriin+ux8aVQDWCuRuunDdKlwCqYBaBQ5f2rPbpDMmRJRFIQV93Nffpu5y2M2nD2zqfxShtHtZqK9Odguom6eKtfMYRNoP0\/G2utDI3qzWXA4Mjnq20qW6WLp3\/OACxfwxJs+mIIux4CN4Of382BKD+HUg6iVDD+mi+PZO8yXcm+iMHr94FuVjknbJgwr8pz8hnl6BJO7Py9BRIAZSwIskF6wOgI\/\/4Qr2JcZ3TwaII9SEN+0Sx8PMXXAKDv89DA4GNqNhV0hw6VXwyvbxpg4tI+badMBjtd\/o4XHqPH+BgFz6M8EMB4Jddticq89uWfyyGOVmNlx8K6oUYEdD6RJBEwIP6yYPzzeebCbDK3en7B16cFcus7h8285+5Wxpsa9ruV64Q9ZoEhEUMGgffnT5ajZ+UpmS77fDl+DfNEzJY8TjXm9EL8XAwMBGQ9SGwhaT+0AWTV1WADn36NruqoDTHdQXMB5KJVX+hyENZfYkPjY19bk0TmuSlxnW4sPXtcFmHvEzv8TYCgHXXFqdgaXEgdtFhRRSPS0CqywSlTwtg9zlqkP6Vu\/gi2jnM2lX\/S3paNkHLJK2Xs42G6p+yMmyRBfn14DEFDykxvC8z+scW1WMMiVZcbQBKhJ+Ek8WtRoS9WYaJ74jobV62XFVLje4Al6wOy0PssyggYMNCsvtsxQ5KXxmsj4du7sF6hIaLMWOz7O8LamYiEYnY4YByhzDbINOM3XB385ribm3TlBE2FwQhpCNmgQNjG7wIBC9IfEBLxv5rxwvF8PVckgsWpRxADmo+gltAb0\/tgSzKl\/30lZxZ8BFwMDADWhE8bE7ktzdpeT1iEQv9HPHLrjBcBDs9EHJnB16E0omVuS5qQqwxUOOBNAVfkBff92\/dyz\/Q=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":946739310588,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739310588,"pkt":"REREREREZmZmZmZmCABFAAFGz7FAAL0GqFMKAAABp3LcfZKaAcWpCIgSh0x2XlAYAfZF5QAAFgMBARkBAAEVAwNM+6CQ4xrTV+1tOPP7h0Gj90S89M7DOPc8QQnDuq\/mRiD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMS5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDUjoSgwC\/YwRC2sL4\/9W3ATSzLtM\/v84EfifaAhQZfWw=="}
01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":946739310697,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3154,"pkt_l4_len":3120,"thread_ts_msec":946739310697,"pkt":"ZmZmZmZmRERERERECABFAAxEyD9AADMGLsinctx9CgAAAQHFkpqHTHZeqQiJMFAYAfVQ4wAAFgMDAHoCAAB2AwOMlhGBzZbQdgMB7SlRRNR6aAHyhH11lUBOX85ujHC26yD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDxMBAAAuACsAAgMEADMAJAAdACBUUq246Yl+EWhWLEvZvcutMb+IirYuhEzXmLk3lr59QxQDAwABARcDAwAgZrqPXWP2zV85oWOqSEKZV0DzXUfiOwwJJ+C5CgZ1QqEXAwMKFVw16EKwmaYl6UqgM5FDRFEvQkVVdsBwborgCOxUvP2YbrJsHBMovDHHpAcBFTWebPQJMSKasadU094aHDRpLPrxxCjXB2pxM0WIqTvteHWIfU1Fk5\/NpqSuHKzO0Ra3PwdESYixe\/zb6sDdKKc1TRT99VsGnFNvwT\/9kRj6LGAVtWhnVsCfJH598qgWQ0wNsN5\/qg97535WjDSAoptbAHelOwuJgc8mZW87Z778lSdbGSJVYmbS+Kzpu3czloyo+k8tnMR0gAcl1hEQQ49kVF90oJqhnl11GE\/B0nhnrDcMC484Ni2gzPflOc2ve4l75Bv19quG6UuBjAJ+lAILT2sCAli3NgfXnu\/RIxYWHOwg5dkUsitPEbeddf7oCeQEhHZOIe8IWZHCTWJ8Xas6gq1DtDEctxSwxYTmBOPQYJURvi5XAJunxgkYorZ1S5H22PsJbPQoDTXE7jb\/MK+t+sJi\/qLBk\/QTcK+QjjpfOnPOG6kcTfb96PDiNmimFlhI+7qPbHOuBFKP3RlOfNCtE0LR80aRulQJ7mOKrhCqpMkFgCoXo\/4IvZulEfNa6rLjjxU0mGwRO9C\/8SUW\/MWxf9V+fhaFIFLLIrdk9mjlOAh4RTjBuIhZwdSm01OHFabvxJQc5nWUTI8sDv\/4Hth4Nmyyi395Zo\/bIgvPNsPA6YqSbJJPw7TRXj9EpeXABU58rfRMlnEHMcHSeAnr61+lHN29cf2rb7cQuEObxOV+r0Ti2hnTxG1kzZXxUKMf1TJz\/QNCPdFs\/8sc7I75BLceNNdyiMxbhvl0\/mQYkbbTX+E01I4nneSr0YAWi\/dj5OFWkY5oKdT3ijaj5ZnH8mUoUzF6gidtHrJfWLUutNNAVK0ii3hJTxAh53tLa55cziofBXUjER9OxqdXFQX0xk0dW5\/N25Am3sfN4K9G9Or+Mq0ZjCUN\/b\/4AAu5iVdc2xuiywbhKCKv\/+1ba649i2+11N2NuNP4WLerjRdmVgUEXTqjPsE1bvdPpgn\/tgD\/NfJO4snitGVo2fF0AIvoI8ffNDBM8mHNAe\/P4wCN21PuNzrXMiMwd7BKvHy1yaV3bx1ZcbZVsRq2ArQ\/sz1xvbYIM5K\/4uE3U5TUD7iEvNa+H0F0t5Pm3xl9hPFjB8UQZyCzE0eaHFxztuY1AhJrANiSpn9KUApux28hlfmPpxZwwY\/4voaTDNDh4a6l1L\/5bBlTMZQ8ZTPo3KsCc7rYoLRgUBfec4EVT3pXIcfZwnttUMEultj1OSOdAYKMUVl
+Ae797PlHj+BPOvQU1JP+1NxmeW9EkPxvKNxTuFB8Ql03lSa0sP7N4iOT4LxwTyM6btUOuFjsDMq5fFh3z8x6u4eDmVvymYi2lDSt123i5VnAGlmqe2vlBnBoLSjRbpHHKNWC14LFSfaclke+Fsk\/LXqRdmrmwoK42FR8QM5yBJ4V4XBtfp1iJayJWXrv2Yp\/Jw2nGI\/8spJXweIKBfFJYNDE+FKqYVx6uY0QURwmsxmAiNbUSW3iE5ptj6f47Bqqzcu614k3woIktKLvq+R5kAUl\/94OeFfc1MDcYQiS1itHZ6WgYMqXlALhkIaagT341vLWH8EINXXu\/JPbuL4ratmRZsOHcAq4Z64Qth7VsN\/NAOgVmBZa9WLc6jmBs+\/7oNewv6pYbinaC9eFjw+AUviDZIoPDTI2cqHtCKNJKtQeYF8JwZdso+kGs0e4hY6Ekh+Gt4QIAdcddPMJiEMdHRRcI7TJwLsTmixFKIFFEmFMcRnAgRce970vQl6+J2m\/3\/zT76RlKTnb6S5cA2Gh1xVWfifqZ+dJJ4S6U8o2kzOx1BcO4lPr6QndhbLXBopt+TnAxhiNVC0jGSLxxKfJsKliuCmauybike5VfhMB74\/Zd9LI0lHZcyjtrJZpkqIdf9mUmq84TeFEVObpfDxeDp9pwfwnzY7CZiAhc8H7X\/B4eL6QPbJJeDvWRsaiMa8MtOGUovwBK\/1RmmRbBs9Ps\/WvCegAP2zZsifFoeWn3IFAPuF2t4F1jzP6KFB2fJjiCF\/xSMUdVX4mSSLxUy6Noq6HH8DTkiTT7i5Rtb6Z+6YPqTrIz0kRUJm8ymK8qGaWvXbafgJW+zAD6LQJ6Uz\/H9ede+fQeVaNdwR2ZGANN93T8+CUOO\/5QCgVylxvI+WkULYljrgmsAHGf2x4K+AdzUNCRbtqqamvoa9+H9TZ6D9K0XHtu60WRh\/xvg+0kvul3oISkBwW\/5VC47CJIkeqDKIcaH28dzjF68bVaWHBCOA\/QVspO8f7PM39uibr2ZI\/9qT7jw8Z+41laurnLDDiiTcv8nIyk9gPkkLpL0gZ8B7RwNepdi9poakmfyvLsu7noykkUZPrrciaDs4AxlMW2SE0l6ggoSXHblXDfGv1qrkJ+wYHqoIpx4Orz9BIDwmFuIK9uApDePCMMJ8COMRLP5+c7CWBbef3qNt43feI9i3DxrqohnnAeDQ5XayaaeIrWeswn\/yTkRhpCGBJsg0rlCy0bwelKJ5jOd0Z6yAeLdgeBTN7mANe1L7262l3N\/TUj4BGdpkUJSKWZ+F5L9xh3ZDx0CN7nut3setCOi4jALV8qZWBwNBsnPw\/1et9Mhz5yQU5W4hKDkIkR0JbpteXZI\/YulIUs304N95S0rMRs+F91Z\/I1bjxYITEBnA3nKgeOqnJG67UQeyBJy3Wot3ZWs1FnfHSinzEDRXoy\/in3NMk3Ee4UJjJJVvh1u1kB0flpae3nwu8yHniwAQeA4V\/IYlytwzxmH9UBxClJ1YaCH4QYvYTNNn4X5yrgDRFy8aRZbx7KFTZjETXMAwD7jXdzFpBRNyur7a5hxwjkpR1nPJHXNHbl9ulhBQraPk64O22lXmWhmTqqJxPCHLTJc8dCW9Tw+MWIDqlSC6iP\/uFGWMugMNTbPpm71YwCV6DE3MM5Iw3r\/pJtSMpVM1czkfmhYfe8YtiZEI64Bh59v3JQ7Geu6i4Q2THuBrvHiZucUzufDS6W\/DBGI9K4\/J9OjIx3bbp4KuEgDSz3alUQX8h9N3c6Ve\/ecJdJcy74VVi6oGyfaHP6IVk7S15X3oTFjfGBcG+hk0a0dR\/W0BGALH+pY8iH726JsGgeEg52jxxJyoyqN2BP+Onsb9VAjI4Axsa9MyFPMa6R4QE78VraMZsIMjQY2e6jOI2lFaIx1i29CS8IB7OY+l9i9GRSJhN1TC+qRidWiZdwiZ6CGxjzCAIjCNtYY
Mpt94CcLWARqfnvGVuwq7RqWOpW3L6qgDcGRhcwof3dXDPhz02YMhWNSauXVnUXZfqF8vmR+tgeJWIevQpdj5ioEIsT2Um5j+gijjHh859fJLDhzYVmYtQ3TEi737GfFw2SXnggL\/Iy07c7IZEI94AezYiyRdA9+kLWGaO\/dAL2rthXXz37bspZFnOGyuB0KI3G4RabCIXAwMBGcOMNM44BDplKj\/3Ojq4jdtuoD82NTa5b2k5zkFslQd12hFn3q5eB44nkwI465O8I9pSVocWpqU9EbYhTvyK1R8N4URD7Q5PMRg7Umy5tkS2hB9uZLmMl9DoKxlIW+kyr\/KuqeGrCAN583A5M1yhRuOwYF56CIKxvuyChPRKUAt8\/70gOTQjynH\/\/1nGoYgPF\/ta4eVsTLhuzDLb9mQMc16\/4VLa51E7HgIT9to4lg95nWvnMoIyp4a8sRcKKCYU92Ot4xWr0tqEIEu0fXIbk7\/Ta2loRt8FUwirJas4rlQGX1glaJy9RyPTHTwKV9kLdjGIRncOAxHu\/8Q7IfLg2aWJ07\/3naoyq6szJDQTcE3S8LB44P4jJ13NFwMDADUJ1y22teIy1dcIiwJwX4cS160nI55Nkh7bUzq2ftRXjrZxugVJnOhQTCokK54\/+GLzaYeqbw=="}
01082{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310588,"flow_last_seen":946739310697,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":1693,"midstream":1,"thread_ts_msec":946739310697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01086{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739310588,"flow_last_seen":946739310697,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":3386,"midstream":1,"thread_ts_msec":946739310697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":946739310700,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739310700,"pkt":"REREREREZmZmZmZmCABFAABoz7NAAL0GqS8KAAABp3LcfZKaAcWpCIkwh0yCelAYAfVFBwAAFAMDAAEBFwMDADWIup5ey1m73Olzdr+La\/pgBsOV2156nE0gjo7pkVZbX+HWq3wNBOBZgTPS2Gv4V1H1NoVl6Q=="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":946739310980,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739310980,"pkt":"REREREREZmZmZmZmCABFAAFBYCBAAL0GW60KAAABuSuHAZUqAburhCguMeSlTVAYAfYCHQAAFgMBARQBAAEQAwM7gJo4OG7S+iUgpLXTuxo5Xw1OBGj4DiyxVBvpcTjrrSC1ygzgmnU02BGfASVXjVBWPNfoJIqu28ODMXbR4UvXGQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALb2R2ci5uaWMuY3oABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg+HQ6d2TRAhXiPlV4SzYTTgVvyRFR0ttaRH8caXLPDAE="}
00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":946739311016,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3057,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3057,"pkt_l4_len":3023,"thread_ts_msec":946739311016,"pkt":"ZmZmZmZmRERERERECABFAAvj5XlAADUGU7K5K4cBCgAAAQG7lSox5KVNq4QpR1AYAO0MvwAAFgMDAGICAABeAwOYp2uqwk2kagwv1bFvuG7BP4gwxFJK\/HnbYlDDBgxtByBtkhDnIYlAH5FeNvmtcy43X+awJKk1khM1gLQ9O4\/1KcAvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwn0CwAJ8AAJ7QAFUTCCBU0wggQ1oAMCAQICEgOvzNhD6HsqkMaua9kU943O+TANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwHhcNMjAwODAzMDY1MzUwWhcNMjAxMTAxMDY1MzUwWjAWMRQwEgYDVQQDEwtvZHZyLm5pYy5jejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSBtMaoOIrrVwbIP2cWYEJHSXjqgj\/\/9tkWX5PXpNopleDTdQVoDYtrhgWWdCxKvyghVnCCvqzpAdxH9iHJ+YDCJvMhSONvyUnQC+8wqGClBPGGgWuYJiWCNGWLq05jQxU5OjFamZYLeA83J41w0hXJ0caGVgR+ZmGHFjjdBCJABPqlSZbx4n\/8eqoqwv3W6903WKQrR8zszV5MtKKlTANB6QP2yhXI+UhhzdoeLxrEImAA6gxL2BOHWdKuBhBuV+ph8YRaL5IiMHVdXgcmxhPMtLDMaXcrlQWC6XO\/mVYjsQjycz9NHwfX9HBGmqdB8EpxpqAzOMv4Pfea+srqI+sCAwEAAaOCAl8wggJbMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUiF81uRjtpDLZWzD7gWIvMHk\/TcYwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7\/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAWBgNVHREEDzANggtvZHZyLm5pYy5jejBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc7NP+yAAAAQDAEcwRQIhAKJu6NqRyIYQsDPHU\/A2REhgeKHjM4x+XnuUUYMuSVKBAiBvFXWETRjBcg4jaK4iYqlFL3MxxHaFAihU4M5Y1\/QWIQB1AAe3XBvlfWj\/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABc7NP+0kAAAQDAEYwRAIgbhSITS
EVzSp\/pS3dsOxVrCnCOPr0QsQS\/Z8OeZ0VJL4CIEqFJZjRYER6kq4HNRyZ4yzxaPbu\/njrCFn4rfkG\/MO7MA0GCSqGSIb3DQEBCwUAA4IBAQCGEOIQRUNcWjsX719Aj278yDJZeRktrpYQiEzTApT2VFFAVk9RNpDtIgove0nygMmo0gYcRhVp8veJjqVoyBOpTj8fBZ0k4jHFaDhaRBi5aQXOMln+cU\/N+ZZyxOF\/OvhfMIgmGnNpnX15fmj0DD6pQOeMMvjd9\/6LhaAOIYehc8T\/qnYYgS+NN4PGwZ62L8NBcloKk78UBZkehMmgkPB4R4UGWU+P\/9wBXoct8xHeSEI\/RKypAvQONIxcx+PGOfY7cug8EawYjQxeC0dBrCPA4HuTbflrjLpxCEjs2nsPD4SXJGGl7AoG4paGMGZjt4DcZO2jhWz5unIehkjqEM\/fAASWMIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA\/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan\/PQeGdxyGkOlZHP\/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h\/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB\/onkxEz0tNvjj\/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf\/EFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr\/1wXKtx8\/wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so\/joWUoHOUgwuX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlGPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+
Q7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6\/DNFu0QhYDAwFNDAABSQMAF0EE7OwduzycCFyh5foVYUYJfj2csLLoqbmNrs4ksDiqkMaHC2NulFxfST4jcCRZ19YEaLojL5JVRvlluRb8LA6yDQQBAQARbpzNdpCTfHNn9Bz14lNKRHZrsXa4X4EmfyVVEagU6WSCW5UKp3bMis8UAzosg4RFbcIE\/BqKgmQG64Bt\/cGitnxq47bonIC\/OFLylrM320R6R6uLkQuGNQpkUlgrZKL\/+YkYqd4ToLlZjenqQeguYlPWOUvDEduCfvOd+A9y2fcGuSyrbb0En99qwYiK1PUm11WXjEDQ91vzKm5Pz2wWWFYuywvRbHOtLetuqGEfMtz5QTTP+GA2fJf1SHhqAtT7v7XaP+5Wvee65IgIoNU6aiAVYz3hwW\/AkDmTqCcqZ608Q7A+R1MIFZgfnWqkxiaXPHcpFh\/8pcgjckhLtTiSFgMDAAQOAAAA"}
01276{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310980,"flow_last_seen":946739311016,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":3284,"flow_avg_l4_payload_len":1642,"midstream":1,"thread_ts_msec":946739311016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","server_names":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=odvr.nic.cz","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B"}}
01280{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739310980,"flow_last_seen":946739311016,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":3284,"midstream":1,"thread_ts_msec":946739311016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","server_names":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=odvr.nic.cz","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B"}}
00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":946739311048,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_msec":946739311048,"pkt":"REREREREZmZmZmZmCABFAACmYCJAAL0GXEYKAAABuSuHAZUqAburhClHMeSxCFAYAfUBggAAFgMDAEYQAABCQQS+L1tdhkv27psDloITDJmmm+nkuKGJ6kBYeGBEdwUOSK4polbbfA55gXHwNtK3Y1Aq1CUhl++X\/zqhOD+IGqi8FAMDAAEBFgMDACgAAAAAAAAAALayQyzNIxhtoOFefQYzbs\/rDW3NZGb\/HW2xO7qHfaVY"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":946739311335,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739311335,"pkt":"REREREREZmZmZmZmCABFAAFF8W5AAL0G+HQKAAABCQkJCso6Abuxr7nkL4f0JVAYAfbUBgAAFgMBARgBAAEUAwN330DAziY7Qy75ow2vvPPweI0WjrfNmIygzjgDJAOaiiBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AICW+8u6SZcrHjrKSceEpWhhd\/sXKRaui0Qq2OMNRWOwf"}
00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":946739311357,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739311357,"pkt":"ZmZmZmZmRERERERECABFAAXUEqtAADsGVKoJCQkKCgAAAQG7yjovh\/Qlsa+7AVAQAHdneAAAFgMDAHoCAAB2AwPsHFeUVovCXmWpA4VyNoqF1JeqKqRwRROYqOPJU94DoSBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3hMCAAAuACsAAgMEADMAJAAdACBGm95D7Gx83XoeinRk1rxGpZA8u1buvy6HtAvs0UM2ZxQDAwABARcDAwAgBCGr5NOssVZ7TUX4BrL7MyB6aRLwiu1feUb2m7o8fLYXAwMKaD942IoOSpCliO6ZHVfN+ruurWUvz7jYgeJjK7SV5aPdpOPU+gCK34wDZjZp50dMaIsg77NAx4MrmJU6wTsTAwZldztvUMpws2wEYMHKWN686r\/ZugmuzBYB3tOPhjCMvk8pBO5Z4lVJQc9Hb1RsJ03QnqO\/EjZsCDIJr3EwAdBfauIjY3hi6AzlRf9VL9JoUREwghpYtzQDH4RvKScS6ISuIZ0qtqLTaSpG1rQC+HJZ6KKhTxZKSTcym6aIqvAR7ZiyINnXnDnxtWbl8cRiOiDv8PdDsr+5E5xwhcf6QYoUCBscXYYl1EwqfCWZLU9EdSEHvyBTgkaNAt3XMqrEl7x4wjZ94SWxkiQsQ3IyHj5ooHHdJLNgfAhAZ1sF3MqWOMepm6yBmJwKpSpxHS0\/\/oYNPpH+52R4vidTCtKs7UfIN9SKrOu0JFbGVqc8M5lplCXOQx4+S48+BecP0sGtTkcShvyBVSAANiwxQTDnS7JinVgGYtRwWjEqrWQJJopko6YuGLn+wkhYZkogv\/onHZtE4hlsg01xAHJ9PxQYxWbOdVfS1w0JvhE5EDMILwTMYm\/YfzaRcfZnN3X3c8PldLUC8Q00rxaePA+7a5mbMlVzZ\/ZKqlpmGHRhU3G\/b+Za7F3XZpTKcWJ\/+pP4OAaUaey+j0NOSrl7D3\/HeWq7P0vSd\/KYIm9oS0ZJvLtsffCfxTm2zwDcPGhRfKW16iadTUvmoczzCHSYvw+n8hl61iMBIgJerq\/CN9KkicrNEfU8QCR9bMF1D3CABgNImMdCKODlAcrpb\/Ya\/cQUwfP\/CWuVsZ3s+sh12SEW9JLfAgHTnuYwcMjbvAf2Fgpb\/+WmXCT93+A3gLKANXIVA2PfvntvndGO4gXYEiHaUhu4qZSsHkkcQJ5rwvJrE4CSJC\/fp+te7FlAxBXZxU3peCLLIMzIhccFKuqNX9+cPYxqAzm+f4FDsJg5KvH5AIh6Nda\/JBKZzhlz2omWzUxsNRCyzYkCR\/6xx8emByUElOOQjp3\/HRm+WaL5aZHnOk2myD86PdWR0IdZibdlJEHJ2\/GXJsQQv95dhA35hvgjWHiQLe0QLkAtPzosLXULXc5d7ytqMATetgFrOl+B+IuaEJAtm5NdT9m+\/Uo1nl\/TbvSaNp5EaxK2DPhV7Vt+vxmsBj23m0aDhv8PPgUfy9wK\/Niqob3bOD6oQrofsTggzpDg\/0PeQx+LRnGU46v4ljhYI4JoQY+cJBFQKWNeFww9uy1s8SJhz9LzcLFv+j30Vt+r
4FFm8AZfzHX3wSuBELuShY7dZHSjQzxqOJfeGLr5ThoXw5ldv54ifSY52Lfxp8BkElu7BDDbf4F6XdVR3aRKy8Yk7ooQevFc0GOsxn7jXeMuFiaf9M\/MspabzWIKD5sTaMPvexVqQrSIhAE01MVqTa8zAs1n4D9AszPAZaArvvaw1dpUAGCn22YGrLkylRxMCN07\/HyOXir6cpxUbsvRgSag8LgIuYbY\/Ta1KZ2trDeXprvYofOqOqX\/ep4LHzQHiCFm14LvDzSoMa4qqUdxfJfOjiZQVsJdT+2uThs188toZRMoZsziXxP++fZpO4m\/wGTJ13ciJYHkQjnaWtFJW9KHR4pPyXX3T1W5XcomUZpNi+tnQlSKiXPl02KPyhw0qdY8Z0WoKV536f3wtH00HuTa3UIk1hZxDmxFcYOKvSwc"}
00942{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311335,"flow_last_seen":946739311357,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1737,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739311357,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311335,"flow_last_seen":946739311357,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1737,"midstream":1,"thread_ts_msec":946739311357,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":946739311358,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1616,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1616,"pkt_l4_len":1582,"thread_ts_msec":946739311358,"pkt":"ZmZmZmZmRERERERECABFAAZCEqxAADsGVDsJCQkKCgAAAQG7yjovh\/nRsa+7AVAYAHfZAwAA1xiWPE9sRZ+HRED66TQP2BK\/H\/\/55yXpchOqptSfdmizDwWdekTWC4fynK8Z2sZPt7VLeiJJja8C3BQX9Rz0xZnn1eoThbbJA0Ru7pA+5J7tyanMo4IQcPUIBSO5p49Bymfzm29G5qjErMG7mQ0OPPjTCRaB\/UjgjbKvSEcd8\/qlBT71ZfI4uv2myCBr7kstCCXPIR18CKF+Z2\/VrH6vxRdx\/DMaAsMgc41PzNU7xNOukRDZxOR62YLQKe5TOm9eGAE6qQfGiWVQuBPTBNCMLbyMtxxnLWSXpHUM8lAFCuaK7Kc6QBacccBEf2G6WUxZTWFo3b0bLTLXGsaAdMgEEvX57cRGL6Gq8YWmgloFc0L4YPSBPg4QXqG2603cgV+j6PlTHv6e2HefSTdXdeLXiPRCN345+9Y7w0ERX6leOOccKhVG5SuGrnMow7zmCn7a2KZDo6IK6nPbbrDUtvAROe\/2qAE2VCX9KID9EijWEziQ9XCbVPjeL02DA\/rYN7wYXRiJgCIeBs3cXR7OygqBY2+3+XFzo9TaLSJOjL2D0foR73wSCVhYWptmpzwaIHjhZCo4rI5hdLdI5wijBOAwhmr7WRW8Yv8AQsnvt1Z4coLNvTRubKzb6tX\/Oxf2jOtE8ql46ReYSM8F\/WAKChrNRMIbb1FxJ7q10gZXMDttRcPXX\/qGmHUzaGCJmbtVGS68jgVwThCO60XMMu84lvsX\/Ppf9SgVkWGycwU0+7rBExjec94Gk2PRYtyBh7FtK\/ojKF2Zx1IbH4Ped7sLfGR4i7sMPLWNn+T5wJpId2IpurmzQEup+Wmo7GS+GCV0scp4nxOFT1awumcjwSZT8bYpF93Gq1VRsPaw1Ed8OHX5e5gmoY4MVzie+NT9SEgMn6ichQsu5snHAMbc8\/IWQxw1j4WN38V6zcIh4u4V1Gd7SkhAHeYNQaHO8zyvvE8ImQNU3iYNHLIKvw9jrqWUBqp23GQnf3jir7+jnbT6O6iTPLexjWoZTCF\/FtolEJ0e895tZWyhQDvFKtQE5PBsOvi7\/BalOF7pvRKDn\/re0ni0oWgQPdEaU+LIaPzCC8LkWYd5oE27150iJxzh1Gp8SiKQXDLhLhi579hHj1+ols2JqJH8RdJfR0+VmnJeuW7LLf+BRMSJBXoQCCLgwxC7f\/h7fFu2xKC0W6c42fJZaQRckgm7zcULCvbrdB3\/7TiSzFX4IqscHoIIazQksB3SnhTuJmLtEq0s5iQGUGxfhlMGhmMgzukQ6S3xziGVGLlkCIIbeLTBQrX9TXDN8S1GsZEFqBjMPt\/N1zN3ViQ2J2at2dPSgSFskYDCKI7W279fwmbZs7V8tsMKdl7zI9bVkSm8TK+VOCU7uRHndZTCFD0rVG1nulq\/L99PnlHGAGXK\/CqGETUVVLlDxaOxEAgpjONuItzxylFN2ddXgvj3hTCiDE8O0ZeY5HxF3kaLieLFjiKlcFdLwH+yoWIasdZ5ETRJVqr26OzVYBTCPTfSgbwH
D0EdFC3v31MUjg04ocQ4ZiFf7dRFVtWmOWN0r2SpHXy2xEBvMuqeP3vQyXuuz6g6Dn7YZmJY0+sx4Fy9C8oBJAE0ZwKxguZmJv1GeQHP6tU\/veMnBxdJr3tx5OgYDk+909nj4a5TD3cRR1pqKY8PwvBnQ1a7o21Mx6az\/nj775\/EQh2soovj6zthqPP\/vtXFBBG3tG\/sEPeFuYX44cpRhz5K3N4JqP6Lp6W3KZYJ1EwmXdPWiQcbK\/K0dzC4LCmApJnMsipnxLFAxIsyZnv1pRKdZtp6E4ZNkwItTRiePKudtegvLH1+qbg3pXvAj\/AueIMUCY+nZ2bEiLI67RcDAwBgsXSJyFgjJRWpsUIwFa+B3HudQHKrExr60U8JLlKkL\/P\/S+PEy7whFdA90+7WJF1F8DCmOjyvxxrrWdZx35m5pHvRkiSavCeWDYlRzcWBeiUF0TAz0e0CdFpMI0nfm+C5FwMDAEXIcqRX1+3I4YBN1ZyTwBh\/\/IzIU5lJHrJKAnGrUu2ocpCQI2eEwS+zVK0zKk1o2WUWMhhsV2wCrUmzne3qZHF1rWYeRVk="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":946739311566,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739311566,"pkt":"REREREREZmZmZmZmCABFAAFFTLFAAL0GMYcKAAABuYbEN9gaAbsU0wRrjALq7FAYAfY\/sgAAFgMBARgBAAEUAwN53D+IdbyKMqUcdChlG3BH1byG6PSts1pdzll38jdueyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIASid2tq+mdmASZBUTGU5iyt2F1JUvrNCp22BxrDleoO"}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":946739311603,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739311603,"pkt":"ZmZmZmZmRERERERECABFAAuAg39AADQGeX65hsQ3CgAAAQG72BqMAursFNMFiFAQAfVJ7QAAFgMDAHoCAAB2AwNkY5ffptLk\/1RQxoHPHysW3r9+0ddQo4Z3YjqxuStqKyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhxMCAAAuACsAAgMEADMAJAAdACDs3oZu6oN3lGaq4ly6\/hAqFwB\/djty35eYhaI2Lxe7SRQDAwABARcDAwAgv82VBnjlaTkDEuDhSukFo4HH4nI6fax\/zFPW2XozJ0kXAwMOr9L3WKPFCRevhqaVGoGS+x\/kXxxMckfNoOqk04UOi2nffzkls4dz\/6PwTgD2O+tiYezNJxr\/6WpHVX82B1TCh5LVuQtfmobZqrhUuztxfuDnZpjdtqBFN8\/ThU4OUKCLhdBohaEJUJaODtpSPbvHLMo+XUoovzoT0\/zM8eQTXQpCXzBBMJx7xHTAsbkvGn3C+AG5zWAlrqlt8rw8cJvpcKk420r2AjCbqQCcOhIk9fgtrE6sGQpDmvb1eDYkMJL0ZWhtJpArnw4DJbVlN2eqshODC2oEeU4LRs6HxumiPK1q9BAYm9j4B\/VQvljlxD1l2D54nI0XTtCqzYVH05VeNSyKwY99P0gfk5KbNuwMkg76KjoZ0pANDmDoK2O7MRcalHkbOzBtmCZzhD7k0YW7eqNkMU5wTjhw6\/SKqF25gZNB9Nt6RXkKo6zhp67SL4jpzGRuSRzfeNfXwE70s6GkDEHT87ePp0CPZwkccES0koYuFCUJ8ZPaF51CsuO3hEK6HLj90BijpqZSqxhfc1mm\/yqD3lLZlsT6EnUdCBK75PQ4LqFtNj1aZVWZmY0bISdBsjTgcU\/azUhlVpbtuwFzbRgeZMjYItDFV3G2Mz1lBTIG8+EI15TAfiX3THktTEDNdXWRIKZWc6CdSZSTQj5epKSMIDeZ3ym23Y5D0uYv2rRWwF77WpaBXG+MUxbpeWleGLZxmojsUrhsTN3K\/SO4YTnIH3mEDcbuEL\/C6kXZUUc3JKUkSmGmNO61dgMehbma4fB8llee+ia3ZxrMWwvGiTS2tpm78Rjdk2lVGQ4Kw0Hv16lr+xG8BLc4CMV63wU9gsM8SvlR14rXUIcZ1w1IVKRMCPj5\/ktzqCSdsd7JLAu6iqnF+tffAp0R7hABno4kl79WtkvKmhCxs2C9rHaxhWuglRBec9Q1dOU4n\/q5s3oTaT0MWOiB9FA9hPVkcr5rHO5WTaUTZCO3f07agWWupUC0SrT4kMq2F7GC\/qyJUokz54psYmDyksoYU5W4XunHAPWif32UI8qTU8ZnD9BGfH74hn454rDYVO6L7CccMxZlmp851erV6hvxeQE4QFic5+4T+9IQsqcHez2OFejw6vdevdAwPVqE+KjL4UP+MGf4lbUn4WzekrRNg4+OLWhqMW5jPxgVFLL1X\/7LXlyiUW3FZsQlx3wHUnrfnXgRsgIdVSezz4HY0222o0JjMjRIsMAML27omWMbFkL1GH9F5whlSmkQo7tR4pkO8ZObYU6gN63eRur2pr9yUb6mdaHxKmo
MOtTc07t4c0mmYRPcKvUuGEq\/qFZAib\/Cn9qtJSED+KsOJFP3lcOvHyBWmDkPTuXhIirjxvNRHlhpCinnvq51BRLv0iIYtLa4+FWzOnZxdtRmb+J7gXcYqMUZr8f9hSbjcXpRs0qTCNkn\/vEFebnj0Oa5wWQ\/wyYqcIXbH0+Qg2t4MHCtt5puUCcnWiddPmXVCEbusxDhj1mW7Wb7s7TbeMJNHqJK2wkpexuwL1VqKOcMpKkVK63qTpeBRS7pKr42\/e4RAue3aCNMwXb2qN+nhV\/yAs+no2\/T8CA38S+A3XjJrTp3nRj3b7uYGTvq6vgcySIveyFsNVxbpOrMNJwA55r7OmJm\/TMMYu1Cmm7ApgsYESAyvVbBcTmlsCXf4kc5\/PCSNGVGXc3ry7HZ6UrNLiBxVinlqk+M5YS+nDMxRpBRZ\/l5jocQH\/hTpYeDeBYM6nlOI3a42ojQOf0qu\/s3tJK0pVMQq+L3fiObQL0w0ki8zB\/Pq94eJzcgGDCpDBI5rSkrXqKSKwE\/TPxGGb4EW3iPF5GMaLLk69BANjmbdOWrRbmSOZIerFLKML4S4ISArr9z\/Hd6jn9grfPQF5QPRgsy72snzNYK+cdD78EVK3JLSsYYqn88MbAXaWnvt\/NrtPJL0QXd+HGti75Czr60Z2exrtdLfvuyhP6EA\/OJF74UO1DMZkdkO4dBy70z4Gu4gpkQ7cqPDY0GZ19ZQkhDdIe6tY\/KPM4UldVfU5Ox+v3aicLwXXKsL1aYiIDMExLQqDr8Vp6Rg8MhQd15RVUWWezyYpN93w5RckR2WthYnNZNsPa7iVvEbmCiUoUkbzt39o4APEG2T8nb60w4QPGzL8Bs+6zqpdT6PPZQOoSFcrit36uSRZP8iGT1fW72Vs+Zxy5GcZuta5oSW5oky8Ru7NnhXKgfldlxRBIOjtCyzFizIawHPWtdb1FNijZyZVKdj4BP0ocR0b5RYPeWT1DhR9qwqhFmLRHqWhBkA5vK7BpYSEPmeNp9JvF8mc9PzqPXFx4qv46sa0RB9Om1TkSniqOmaKfC0VJ55FKEd3mCSVa1mQ2nzlNyLUC\/G6NFqNfA87dMc8kmjkPDW9L4TPuUdk6cFk2SWFMlOT4UEAqyKhiuK9S2TSwt8uFOPCTdi2gCXoEJdX+9z6vM3zP1D618aG60X5Ut6n4\/mqqX3ZYS740az2d1czqYB7kjzMa99L4RSKw9Nv7MMuwMNSxkhAXISg5MWpacHw\/KAdEQ1nUyITpRoICmtn4wFkGI6VHWSC4OZg5gMWs1Z3587N6CIw3eN5rLnfYJ5l6ZBNqLnr+ciVip8x2IDHWDGTGr5OC+uJxAOEMiK+fcS0il3LgKzbRTF6C8+Y0IWjT3NlBZzIZBcCE3FjrijIv+69vNs6VJAKOlSW3f43x0FPmVvFyGHd0hZ6go7pV\/2O1uABkUwtp9Jfvr8prX7E0NzIH8AuTCtktrwjOAvCJu4CHVfpkaygbTIxPH5m45oyD64MuKPbsc5SlgZwhfZunmTwVDMaVpXGfayrmusZgZ\/07zHxvKOvoAfTCZXoYameOeAqJlNLuCW2W26TogT5fb\/9WF1j5kVLVJW3+Xr3WsDu87Z6wA7xpdVjSQWvWXCJ9y6jEXbNwmvXmeHALYBp+DdvlGU6uIsmqv2tJETpbTRkgR+f7Dhm8aD8084eT\/a67jbRGqTJcyCWp8HFxcSFdtdPKZoErFiYrC7xPgwqW36MeKC3pPi5nT9yuHbuL7yiKV4x9J1dDJBmuStOS8bPFHHOamsDufj+1xHeCKIDfJN+meXy0zdvw70PEKqqZXmCwfi2TfqRVP7d77vAzcphP1F9+RnUlovNNUieiBKgaaaLwfIEAiD84YhuItQrVIeJCa0jqOgMbgEKi1twm5DKS0bcizlDtDFNkFvRAghS6l8H5MMzc8ps2oVnq34RHWoVdxAXCkHDkkmpkGwGKoEP+YEV
OArEfXlh0taA60GiWgLXrspKhJVAnjFiuxV1QiMjD4R5UbJ+BnJTGXsaH\/yPppjwU5bzpYvq1TPW2pdHuooLQ3rQ5gXMFPVeJEv4l3u9D\/o1MxYmTHF6ag0Pg7EYa9IiJh8NJsAWlNoM+jz3\/neEdRD31BwTKccVefTs8giAaZY3hKJ1XXe6Hys7XZMAJR72EIr5DA0qa2euR8ERpA8eew\/h0vqG8NScpvxxA8Cdjmhn\/JwaSSF9ubglNVw4f\/Z3JUgBYq3\/\/+9aFTg5SP56AY5voL2goU8TTHIbBp4JfOUmUTToGPy4GEqVcJNDAs6V2L7PobZ6srGT2l40lZacD46Db+MrlADUrWNBC6GAGEaOIzjsVXO2C7zOXrZPBi"}
00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311566,"flow_last_seen":946739311603,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739311603,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311566,"flow_last_seen":946739311603,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"midstream":1,"thread_ts_msec":946739311603,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02347{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":946739311604,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"thread_ts_msec":946739311604,"pkt":"ZmZmZmZmRERERERECABFAAWWg4FAADQGf2a5hsQ3CgAAAQG72BqMAvZEFNMFiFAYAfXAzwAArcpCfmGLOKjDkyzsTe+IPkiqYnruzR41MPuGsz88MQqvC3a9HfwXJ6lzqQ4rCWJcWhWOM\/faQczL\/u4LUA47B+3hgIraXqwM7U0QtAPKeofLhsqBn12DazruSHbiIbxy+mEUG3S56+4ZRbB44U5cKRW56AecOVegPdxq19WX7WP4+ZvrOsXSvkcqGqyY6l57+wMNGtK9Hor0ODYeWdBnCWx+J55Yp1BLeNHq9nHIKHj0qCJNcTpuSY3kcxYIKgCzUqmtnXdoJ0GIMlbY2ljKsarNr5cWoMUbBujc0flI7F15VAzRku1eV3Kl\/7Wukzg8w4HiH6xnnC2hyeJ\/S9kg8k3Thktb0MRLph1xkAte3QZc08opc3Fwo1Ft6aRVOUnBzMc2ygQi4cXDCHwkiaI53r8gMzkS7anbEcS4yQcROtN4r2sH3n\/Y2Qw1v5Gb+U\/+RFg8+P9ZzSoFBkttBuC7bMKkuFovtwfD7bmTraXz2TwXRpY3Ao54+\/SNvuV3GwVsY67MLueBEgpQWATGxrbkACZtD4C+lpPBC5\/54MNyZi6y2\/bINiwBN2SHIdC0sG5gR\/DV19ykdqXF3pfYHlmfR3703pqTCdiZz1zhoMZLCPXVwnRt08WzrSf9AJPIVrVED87vfcSxcnSNe9\/uUQ+fPjNxmvMBL8ur1shycxG8A4cFPyuqBeBuBrfVjZFKQN3\/5iT\/qY3bW5kYmBDrHkL2xegzf\/Moa8towjQGmRBeDyc9Fogbi4Bl2lSDI\/x3VZI\/8yRCU0YCrn33V5Yytpt4Nri5jL3CrvqNUKuK49C6RMwZ1n1NkjUcpjeYGCGRXo6SbIn8CHVjiCEwFZ8FbQctAnWvdqfTpT0bXGelftgC9CQThu\/W+ybRqQdwN+K5c2QiXPYvO4kT3LD6oCwacJ4x3t9XRv3AXxYa1UbtXwad0Q5XC17E9XVpbbgKhrlco595yY5V6j1HdG8AkTRI1DXbEp3foy5yEjtW0o9bfHyhwUqC6TBXcyz4z4cHmh5p6A6BMpnvPJtMyGOVMKQ7LtCwwAKXNWcMVkLjSAZ+IrhMtGXoEFJcdmyQxTOI+OfCfdgm6q9yTer0lySMXu3yBMcL6Vn1SuMzS2FSE1aXKAyCBb3XF5Tfnf2rLe4r3hkWTr8Mmu\/+5cpIK1r4NWR0zq6iT\/lnsbxmS39yt3YHMSpG1r36HYatyCzF6kZo6KyW2UJ6fBqDVBmGD6CXSVAKejLC8pL1qmuOu2eXU804WhkOIkczZMz7pQW6C0A+bVJsEuL5Kd7KV\/W2IGcqNMtuMkFf1vHE4VTHRAmWpIDFt5I4ja4qA9N7tAzSWPkgtQseSnNvTrX+nCc0rsjLviAcYafijP+ATzRDOBcDAwEZYz205aORxNiMwaiQeObwk59GyoJ+T+YW4iSATpt8cc0OU+XkwulympL8b+KCt76fJXCt3rgEOglVp2lJQDaaCL0\/EDry33zbH0MtKm5P5nEWpzvQFhaXV1WeS3oS65S\/3UVJT
7\/Hm\/AkB6N0iCgWEeK4i80RHGCYRIweyu9kQIUklvy2RlmccKeVQTq37O+\/HqRcQLsrpTkATqOJMvj0MaZ7zkYReeTUbtUUtzasEHVGtHimiktW2DAjF2G7BrMbQnAbkBNJMIcDNYwAwDUJvD2+j752nnR\/ojUHAoRsnlpRRGw8k7CJ0b0wBSknElPWssxoC\/r5K7w37x9u118AdMWjqtzSlF2uDe2PtsgCUxjOE7EkCZxpOWsXAwMARUyGMct3ItX2QiSoGAs2qAHwCi9mgPaAr45Z5ZYVR5NUAg5k1dXUDUazzqq9GbzXT1\/7OFi8y8eMdJWfTGFw9qor9xL6ew=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":946739311703,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739311703,"pkt":"REREREREZmZmZmZmCABFAAFIvxBAAL0GjQMKAAABMw980MyiAbu+o\/fohj5JlVAYAfZx1gAAFgMBARsBAAEXAwOEmak1ToTEOPVX0jBh7rLNZM1Gt5\/Gr6ZvrmdHklieHSAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zbmwuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIGzt4\/5xvtyifU6VTcrfvT+YrIEhagkzRKKKlOYdvDd6"}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00915{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":946739311732,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739311732,"pkt":"ZmZmZmZmRERERERECABFAAuAX8dAADUGahUzD3zQCgAAAQG7zKKGPkmVvqP5CFAQAIN8DgAAFgMDAHoCAAB2AwNcTBj+nowDUUbglTTLuZi3m0Fgte272n9LPifxOMv7HCAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4BMBAAAuADMAJAAdACCPdFwMNjRtfUXHati0iPvUS7ZISUYNc1KeHBUbO8YTWwArAAIDBBQDAwABARcDAwte+JJAD4P7EW1qK\/KMQB2haaLigWKb\/DYNFwlVC4RO51bq0M8eao6QlrOrDJOFceHVJKhl1p8Ibfrg\/vTRNCJB\/UcW+Fedt+hD1iuUDwTCFZavOS7xwPDkL6497l\/MLuLG4DXgnGeZQ+ANIJd3qmkp82hmnma4vPPfih3FXm2d\/orPnXJKqjQROYWvMcbtvj9Ebb\/txBSHxVMCrKgG408ySWMQj9wSJ3YFhq0yzQL4\/vZaLuRC+Soen8TCR9PMAvnOESL67SWkKNvrhHs7A8wve1+FS4QJZG0DVnfyZjC1lTDakOFEVj8uyQCDIeUSTCCRymHyRKKDInznJ9K1ylbbeIGdenKpQOC\/PvdDSl7uxqaByB3NSIma+imeWtGfSsSVz2bgzfRCO+1shU4LOWr+fJj4VfVm44ziFmXpQXba4f4sLTdWNOjDqe5hsphKeTPq6cjwHY\/8d4YQO1mASNyJu5PHaom1vL8or5mJSUE6nK9PPUFEoI+arXXrdILbrGh6AFzUXQGBrrAdekMh3lpPbuWJTMnyJ+tNhczzi4OaeErbR+eZBtyO483ig0A5ofFGX3QqSY+x\/jYa34H7RpPgi7E73Kv3qvag06VhkcjqWXPokFDtuDpOCx1sHam7i\/mBXaEeSIMn\/6ibfBibK8Ssyhd351G+u7nIG\/kPMrFG9dX2lYQXotCoRmApyZWnnIvnb1Ems9MFs1nWg90WJfHxHinrSdpjBeU8iAbpS\/jrwrYxGk3gVDAv9VGAkZlRz60RiJgOn74olT+JGbdB87Dmd8zXzGHRAs6xX1wLyFHdLBSPxN+wXikNtBamIrek5su\/OhIPfJ9Db8D4NRmo2RQxqPr7fuFEkduV14PFpTKUsiEOkhDJwNg8LiATZ7RVwMg6yMpsydYcgvfMea751TpJNvE95FINDC3Rb\/\/f0HmE4sSUBcBPMBavqAtQ7YhyYupjzYKChAX9lCvR4V0MA3gDeswYrL6CJ2QWYyZ1X5kp+MoOy0A6lbwTY6FAqgtyYhKr1esD7uta6z13oZTeC8zVTDF3SZq3we2RpHyfhsBTKY94xuStpqoHpzXuf67EN9Ci9BXk7ctHV6chPXxbzfNbfHejhQSWblCUVsEWcGJTaWPfYy8Qk91uEWvknUwg3\/gnkTaxOpg74KZR+eQhsLtgXu83uRIpmos4uiAQqNFCr46gFv66IhjUaLn++05xvOtQF+pJff5ceYA3+HVtzS7siCW14iQ0F2g+nmUdK\/l5e2iBJ9jUDVjX1gbsI6q3sWAVlaZSWaqGUPI7tEUJQO+uLheM+t5WJ2hIuHlBrb7V9x7oPe\/w4J
yh22GAaILXTviEQ++5bF7t0H5J22\/uU82cBtUmtPnPK980jnCJpoWHcd5b8NrM+3vBCp31WdecAix\/bw5hrhpdYb3Wuo00LpEwMw5n1XbAIEscw8D\/TDkT3R8DdqFFvsOwEJgVupjA7F1prq8T49hiTkdYl+giz2p0Ayt4KR\/SKb+oWG3y4ZtrykubZr+Qfc18G7yRy1UzXXJ7wFTK5WhTLREjxeCpH6IaQ2zDQ5+I3brP682k2XRTd3nMiVhZaMNZjB3MO3yAICh5zK9ucc+onrCYJIYI\/CtjBj1mJ\/oiWvsTssUIxMNevGNJc8s34PU+GVpiWU7G1gOq2\/oHbQNmNjM6utdbIKFu2BrwDIIIyRNAnfbb8mkTirEZY8JOBVWtUMwNF2wWG\/znmaTdvsV5XVYinNGBvCLJ4cl4jpIhiQHJif7TdKLHCM1mnqE7oXlP0MjNOI8YrXpYFJApJqV+nQMhEAl320hWRRZS9jvtYuADMZM\/zqsrhOwTRUYvn5TUWPPSLkDCWWQT\/boP1Zrm7ipJ29gjQr5TspKmpn4J6SGBQtqSqLcPrjFY1FGqzT0Cxa7I4qGdQmb7BlBoZsZba4XtkUxqQDb7GQ7lF9QZ8stU169sKy3x8YQd1brzqNHrkIJDSvbZZhCJGpijHPtgp\/QG6Dw2\/BImDmY1tBmkVrEm\/bZ+xumAD64t1fYO7WaWjuGbU0Y+9l0+9zDoVeHa476WXFF01qNlSxZZAxFkrGmva65Ha2zNip3N87qP3nyH+3kbjqzMKrpNdw3pOcpWv+PdRxpJZGkBM4aT6LXbJdAxBLLkkepjX3bVMWm9bedod1MvUUZQHAIRVofMSy8iwjG593htNanCQUBVZUhdnlVrmQD4OR5EjaE0aFJSUsVHU2VO9DX1cb2EnPoiZIzX378PPrzLoeda6yE90ZvWYSJeMUQJgjFljjq1Vmv7zPz+m4Us7Q\/oFgLEuTkw4eq\/OB+aA8STNn4AHoTw1B57\/koj\/Tsd4yxadruMqmxj8G0neUx2FN2AmiTBa4RjoLGNzELD8QTXTHG2\/lxfzCVwHvLq9JxQf3uprD59F8Loph7ycBJ+j\/BoYH+iVGt+6GzZ563iyu9UeY0+AiljVO0GFvxbuhFk79OBcmYfgnlTvugErVv1eoGzzwF3KK3N67S4ysk\/cJIT\/DoRZvga\/lMRKstxDLEaDolPIBoEiu4mAsdPBxa5KjB\/uaPK\/Gvldfb7QWo\/hvHLZAM3qCGVxLZ4OSPZzTuJ4fJWIQaOXTrFJVv4TYo67KpO9uvbnZUtP8hCVop9O2qXs\/NKl69+XIEhMfw1KYOxJAcgDxH4xjWm9TWAA+DhZvFs31qLGWSu3CzrM+geUCeE\/Vlrc8pmCZFikrptNtJl0uwOfLeuZUF7VWjDr6R5HxdwbmReRnk8DeQUb8\/JzwIyCR78O7TDjY2uL4IEBoTWwTpLR+tDFV4fNsyzL4VzpHaIwnMWTyomGHXhNDLAvBXN5lZAH1nY9D82KvJ+P8HK2FgOErfXrK6gPfonD48R1bCJofrjuMQkEZVQBGqn5ypZTPRu6EwnkBn4q0ARPtqm0QEoQ1VuhulmyIu4zwbE+pgZlGBWhO+4WIy2SuF0h7yFf\/0cbwCehkDSsGDVM9QRwmW02sBUez1\/0Ml7N8nkc2bCsJgo\/fEUXj1TOn7cIchmlzf+MvAjyYfcGhECzHaENxMQIFKZWAib9UAuoVCbRMTYEaO8+NZKwO6bZTHvUzm+gaaUre7sgcCCP\/wfz0OXBRWwpNRR4m\/LwYXSYWMMhKP7tqCCj6OXjzq62VPsWFinT4KE+SZYXF5y6EZay9KdRh4kW7ybiZ7hqI6uqO0\/mKAHQ\/xlXAuQ2EOnYG47KeZUkoht4zFh4Q7AcG7Q0FtDwRhJqM+GVySAg9IbIymkvgNTTZyOY3isJHVYzmKvFAgPib7ERkwsvRQ\/S8
lGEoG+lZogb0KK4PyuRpdocXBa4Io1guVhX2K44\/qHOYqiQPL\/Vb5wtdOiDpag22zTziquJAPx3Cc98vOxAd33lx77fZMHNMz95phNb\/gH\/oBI60jIQ5icFLLZs+m7nP7\/6KXDZlQEY8H6HyN8CbMnqheODed7gRjDQsbXi9MHr27blhbJLCz\/qn8J0uletyL+6GpmTu9W1AZiLdNt26PN\/1uozWEq9dfJLpT7KZnW6S0qvTBGlR4kX8O3fku9pK2qyz9s7t7Ockp7sMMWorJbLnKYK0PgDcQi4HUA+VDHi2RlLA\/XZ9u3fGBeP6zmmrFeEhRc6glZV1JpHMW35YHtgDMlMPiXVu6VYVSboWqwuvKzMobkKuX8tZFxZtF8Qlpv25zGgKwz"}
00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311703,"flow_last_seen":946739311732,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739311732,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00956{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311703,"flow_last_seen":946739311732,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"midstream":1,"thread_ts_msec":946739311732,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":946739311734,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739311734,"pkt":"ZmZmZmZmRERERERECABFAAC4X8lAADUGdNszD3zQCgAAAQG7zKKGPlTtvqP5CFAYAIMEyQAAeS0tOv0CsE56CKvTlOFyTsi\/xDWjEiSHZ06cNkY05jGBZ0BY+\/8ar9VauCfvuAhmfbkHRsufSt9+BCdWOZTLG2pLv7Rqy1KMbXDj1dE3FFg5TtH6GqR+kavc+JEGFEgehaZ\/FbuVi\/sk8mhzGqOKXx4crPRKN7mN3k61duL6EtdmqASfaRcWFkjwmH\/5s907"}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":946739312203,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739312203,"pkt":"REREREREZmZmZmZmCABFAAFEaI9AAL0GaqQKAAABdMuz+KL4AbtonCHmRxNJVFAYAfbqtgAAFgMBARcBAAETAwNLJ0LoKZs0jG4db6SH737y8naHXDM3S+mAdGRoYzSPaSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOcnVtcGVsc2VwcC5vcmcABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg33Waic8Yfh0yJ5buIXWM7xt29S4VxDeDA2qvuzRytkE="}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":946739312226,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739312226,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6JAADYGLgJ0y7P4CgAAAQG7ovhHE0lUaJwjAlAQAfWSIAAAFgMDAHoCAAB2AwPlxRfYXMEhZdQ8ajfb6CRVs1xCMiaZqVFxrCKnBSpfMSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFxMBAAAuACsAAgMEADMAJAAdACC7U5tcN1lyGmU4zwJoCO50vCXYPM\/QvTMxioFdnZMwahQDAwABARcDAwAgWYRxXowUwkrzaVinqnzWcQ+TBbMUOwCXts50ql211fAXAwMLXdNQugGPXsJ\/8C6qtHlVybUGs7I40LMTA5OhGA+5YDHeNrEuEhv+tu5lin4eHBImQq4kbeHEAo3aNZo3KmURuDQDW8qwTnUEVfBOev0Cp\/PjSdjbD78ol0y5nY2oRm2fbsKHJzJSSjb0AciAo1LrQOgCF2CvMV+eyOyHUYct\/0CZzYMkLxKZwgRjyAJuXMfA4yEKZGM2df01\/BUbSo1Rl+1vGFFUkgKmIgKkRy+Bl\/5\/aUS0H7x+NZdUl10aLbTaEzyxHvC5FKjKyKio8Nq1FnOONx6t6a1NxwFwus79kTDzOhi2RBBAptjB5bREXvI7I78ofmPnYWckOqrJFFwvKuiJMXscIR8meUqP2LfgWzMDMhsH4p0jN+l3Gq+FBdoxKNoG26O484i0pfOfynG5VCfFmeEmq9XB2jrTV2FwEB1w6FHC1GMZVEK60qV4O+pPgrZRJMZSzwllOfjef8V42EZAcff6ioa4KXyU2Lg36HO0yhYzbeNUU3pAi5\/qwo\/8uuPNfVbKx0eipCjwx5+0hZa74DG\/pD0GzntSqS7YWEdlhEup1mtZmQo0eaDjwGNrCt+ZhJgQy3V2hPBCa6ygW9VMF25ycsILPfVx1AuqPxUOHW4j094S0MBQegEN0J3yWeWaiiBlzmaP9zyQI2IatrzAzhNsYChDHK+csfeO9ThoioAfgwS3AljMljsUX8LckrIXpurphG9MTttyGcbyuYOZgMBCh0hvfGempBEWQ87aRGnYict7DJMJ4ANT6I8mIRYfs9ktyEUtlVvr4PQNKARgob1jc7dcCzVhF1wheYyQGYeS88ndMehrocaatcfPAW+sGsd\/PlwCwZjCKZRZc+RY8UIBMVVQFkJfKmd3vMc6ZdNW+eECwipaKd\/GGSBQQLLSZMZlc2\/fq5kgX+ANS93WhwsRG1d13Nrw0y\/ATREqmOdYnxg9NReWvH6Y9oKaWK0ORmDf6ge12lS9oVHWz42D+xzkGejOSsWciqHXAH+yg6krTEDYRK\/FPbGud1EfOntNRDB8fuTqg6A3gnOVkf5Fe+6Udnrmytaz7VKwjYRLdi7vz2qagJMVcAAVeEuovh5FOb\/1EXijxsxUB7j\/jcKgZC3AwFJv0DQSdWi57X+9030WJdNzGWfONsJDey166z5gtgIr0gWE3XSAHs3+JszFzgP3FC9xVilACKjY2RhRQyvT6fGwve0GSnMhLdXxdeZ6r4BSk1XrmYwxLzeXAWqaNfsfk0zirnPcN6UG26k3lnJ6hvodPS8WtfbDlmo8y38gK+
0yMKaENYnpsWQ48t8ZDpKCeCokx5kJ4EaYicnC8gtp5emEtPLOmyhRS\/Kx67Xu26y0PrFyj7Ld8XnP+XpwQqAHuqyPPLcA7ULfoMWkppyHnn9L21Mz+6Ml1h7gnl\/ZwxToT4wqDJUExA47\/9+7Gr\/oh5kj8z6qG0LWqBHYWfEqQZ9C6c64n2xAiBIjVtW2HmMJDocq5nLsWLSEY96ngephvH\/r2i4gA320QycCOlUbe7IShXjhfHajvNFk9aT9mVr+xKfGAIJr4upUShXmjRDRgxjZ9A2ryxbqx35tiU7DJrZpjO\/5DMzEBxvVggb2jlqmTLhZH4TtJi6zfeCLrUu+11tfn0GJzj4HRmOyvzdz8MwTSgWBVisogZKhAqzzkq5ai5YnEcmNOW52YkN74XGWlccUSq2JFZXF"}
00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739312203,"flow_last_seen":946739312226,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739312226,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739312203,"flow_last_seen":946739312226,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"midstream":1,"thread_ts_msec":946739312226,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02434{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":946739312226,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739312226,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6NAADYGLgF0y7P4CgAAAQG7ovhHE08AaJwjAlAYAfWhygAAp6lKTcn83BQxpQ2W+POQkJxpRZXfacCT49dCzRTmvnt7\/eMDX1qsnmxcn8IW\/\/jaiVs0n6JrCEPqM3KpB310Ezncm8MGw7ZSfjBA5NhRsYZd6g\/lnjS76Li5236Ye\/OssNOz\/mjZ3Pxtb9lckb\/iUUI\/CTV\/O+8693wmOcz\/ttlVvcsf2F2cDnHv69Z9ZcBThvWSK1Fyp8msppNqA2rjumUxHY0NG8Y6Cz7YUFXsrxgVnCyIlXLFSqfPySagEMAo+BwG8r0qoeYlZ+taxtjBF+CPFNBs5wvSzuudNsLZAlsoLeVbC7V4nVAvK0ZozwjUaQXydZ7If0bf1gWwEwbOWvwXqAGoH05iR0Faj+nrSPK0l15jvP1ksCKE\/mIp4VHggNWOkJSAoQLhJ7eDNcolNe3VlYAesuTAoWHjzA4h2mXXEBGcexNswvAECexp5rG8zj4HDx39qgDVWk3o0eoSeBD1Uedt57E3iKOheQuYjuGPkNLW\/CT1EKc1xsQFJaPuXeJntSsuTJIbn\/JmjGMrhs2EpgTuc4i6KbgNr+Dg8naPJNChEcAoURckVZ0QP1tlwwQ3au79pUNst+WdCcPkSU8h2p+dgHNltfLpGpzxtjAkiMDwJHlE7uKJfM3Jooj+j8pbChIDWDckUBPBe4tCMPlI9VbP7p8jHCN+Jbgx\/vlzb\/jhrZ3VmwNp1ed4spIYgJkRtqvwQ8Z+wh5eYA\/rsAfAyJTWCHM70B9AefRgCTo9QDWJRLYx1cy2\/Boia47DDoYb3uBS7QfII4eh4Kp0F4K7dkOLwQWThipleT\/tvJB91q4YO69guoqAikyr2u0R4I\/dsfO61jRS\/0OGcoHRfzyYT6Gw0389lH9EFy84qx0Src85OaD1tRwt6pfR9awywt5CBZe04hE0tSwRbw55PNLODVlESQS0e66OA\/M16o1ABO7aMZrc1JmwD6a7e6weEeFmAazedN8hZmlYv1tms5VSBekoNgGF0CPdRNH7+BWQQ\/oy6wbYcn9T8DbY3EESV3ngHV5p7hWwxUALrbhEOn\/rgSRIuWBulfZWiwjpGLHCmd25Lp9PvWu2ARh3jmQWx3LqaLBWQZ2RO9BztLQCxX\/fKF1FJ2Nxx5CvAx1deQyJI3ILd0FX\/RREt+JafDB83Cz6gQe6DiXexfTUxaiReu6RStMeEaz6P71JkxtuCl0MQOV+trcnTBAsrOiC0Pnp41ddFZ9LyjPw5Mwgkq5S8GDPbsUHU26OG2nr4C2Qc8pral7heokrRYgBHlPnskyAlkCxuL+0XPLYLPIRRcJ64nRekoDw2yg6gDPsz4RcMVRLhEiIfkrCTlBJmmDuRqLpZJpecdlBmRfFHNMXGB8i+H\/\/tNPFLdJAZryXO\/8h5nkH4Mq7yLQ6vkIR62sgbVPD0Qe836LfCEQO\/hxA9iWtbqSJ07ScNvoG2Czrtvhfwq400gs5KtFeBbk1AFnMyczsxPdl6tp142MbR3VLQmj78nlxilK51hORcV
Li9ktXxGEonuDfod4vDjaA3pJ\/0ADkZjstpvA2GHymd+GbXXXQzsOxrlPNaHDKM7gA5XeYsGBeDXesqay1VJZXsBwjzKmLHBEfMmuTQkRGywy3RBFrIumMzi24aTghRx9FA\/ZPDZtgNyArr3TSzkQB\/WYB0FDxqBDH7pfBnH8cJXOSx4GfComMuGBhw8lB8S7RS+Tun6aoozaQ7NOXFkWLUNwlMATJg\/u88xBUir9H293nJp613ia6G8KaLtsNZhb97810Q6p5rpfzJ8sEbxPvnOBsJoN2uNaptS39DLNaJ78nP1N\/6JenLJUIebOzoNXR4wfNgVp5Coyyjw8dfCFDyuNA5Oi18AcVmGaGj7TK82vR9gQ2IWuTm0sTMl0T1RNelk87ZLC7oqgqi01091WCo6H3\/T5HgzDHHgrz3hvSk8s9"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":946739317842,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739317842,"pkt":"REREREREZmZmZmZmCABFAAFDy\/NAAL0GDsoKAAABwx5eHOp6AbvJsoUZMUH8QlAYAfbjLAAAFgMBARYBAAESAwOCYT7eCU1xUXbhTPV2JlKPIHcY7sPH2WwKtpwnSeF8xyAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmZmbXVjLm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAw+TAbBBMqcOYtJZmoA1qcBE16Yt0ym3XOBLcMkrVpDQ=="}
00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":946739317868,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739317868,"pkt":"ZmZmZmZmRERERERECABFAAuAyWFAADgGjB\/DHl4cCgAAAQG76noxQfxCybKGNFAQAfXtaQAAFgMDAHoCAAB2AwNkyl8ogzMlAhTUQA2TsMh7Q0Cc2\/3wZHCiwad1Z9NoaCAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9BMCAAAuACsAAgMEADMAJAAdACD+8H0HbVGEEmZC5hZLdNizcuC\/0pRP3fgeIP4D\/GwhdRQDAwABARcDAwAkfwnuX6wEOZOBUTjar1eVwNX\/5E0Ocx7Di9qIEnerial2sCiHFwMDDDWV4W2nvLW+\/N2l4x6sJgc8wiYdu5HOhM21Gm3mnFcxKO2Ie6ZC8TBNY2Mpp7Yb5rcL6bqv3cZKl4w3lzpNGDKGTjZnaTdTckz2Zj9T\/bsrBq0FYycXELwNiLo2fX1zTKtRPyLUu0GGauan4AQwcaDjRQzNlNJGd6461bdar1412MhrLksAOF3Zz32PJXTXtFU1mwvYVqphcZDb4pPZ0N+gjj7dNR4S3YwPGEbwlcx1UcGfiv3pyH+UUZNMH5Baw9z+5KY9RTPE3Rfw1bhKsm9xadHFb6suVuYDZzfowFS+\/J7rFZVNyczZA\/78zcdYuuXbTxeDjPhOqxAoQDX7VF1HojbcFFzFMGuyikHPdDYckD+WeR5lbhzc\/IDh75MNMf\/KMikRmHFGsWSPgCfnHcJinGKvxJJW58RraOB\/5irkT41Kj2mTP7rHD5SNd2CjxOxspgfL21g9EgRySSvXC+1MOm1qzwLgfjx1ZGRqf62CTxE1WBGLSGVSBUD0U9VUbvm7X5SNczaQPf0VLn8L3p7i1Ks07MNKvx2UZUXfrd\/RU2JWlAdhuGfs4RK7IYupZ9gwETRs4hxHaE\/JmiH23lQ8LvM6OtMsbQ6PirB\/Qq+igXuyD0TY3sAc4gdxm+SJGHsDpdSKgD9SodG\/vExsIGp+Gl5tevJKVwUT0pGU9EjX1Bi1e0B1xZ5ye5cjD8jxqC6fGWDYbc0qUQnT6Ei3AwoDVwqGAF6EPjjKHUKSNJDHKDRweWDMJ8eQeivUqlu+lhWhCAE9lUvj8qFKlloewows6Y7yqVUmSPPw60JQ\/7KRplxJ3xUWU3++WylOr+8YCwNo64NgMLldroBbTf3wwNL5K2B8K2fa0ar2Xxz3JO0bcvkksssiMRLPicETirp6CaB0jh\/JBv+EtfNF9XlRRV3bVxTCpp5g2WrRk6UQuYXfLZgXXpvWsW3UQwQvcMLuqGRqk0Lrq45fax67cEa4ablkdoldX6BJdVjUPEVJmY\/4EAB6c5ffE2gmcKP798gpjRuEOsJHx7lU8XAha86w59XzXonwVhFiFEiku0\/ryBztip397enoLu3d\/DdWuO13MC2xztCFDC63o+OIx4LKccR2dUluAwyjMQHJH2QfKyLnH3gJwChS1jbNN6JjmBlIjJ5F5oE0c\/LLe7ZNRcNl04\/gPLP3X4Ig1u++FkuVZR4VffxYIDiKTeCsRjSq8xT0sFQrVMRqRExsxUpTFlLjgmk+4A5gz+AWsHQgXQDHpc8q+tpaaLw2T\/VxrMh
aAlTNwD0R+fPu6xqKcmZ7K4tPJ18rUG2cCEq2Vyx\/nZ5Bsb4X51YWHYwI\/b62OL85Ky892\/YpuTiyCwr\/n7zKZjbYHc3bE3kJITVYYhhm7SCsQwZLdboBPXK1hc5zPXoZ51+dKsAS5jlTrL7t90UaX+3d5RBjR5yWI+hwkpRHZC4YPu4wFBj9CS+kKkAjOdshMO3DBnfsoKT51IiDooH56PULR9jXPjPvXwHziEAOD5lKZLhl\/1PpgUaU+m0Qhb9DGdPkvd5L5MtmeN6AG3ojp00pWioyce1OEa+lwCX86DDB4V50XA8WSmUf8Ruv9dDKOkEto48W94o6jbWCBaVHLa30AI1sBDsLlVma26j5oIbiMjlGK8ArsP5ukW3ec2Ucyyw4OeOhYe4PTq7O8QJdyRJffrasJ10uS+VJlhZE6nntiGTZcHenBLx6mVY\/sNy\/xKxBzOkMpSKdjL8GC01HDHp6JDU\/ZHpm00Le70fm6tFZ9vCb5wPUsyYycjMTWmiSgMdLOaewpU9tlODZTwi8DEVWJyEa6fkCFWYdu3u0ydeu8NzIOlQcZ1lyy\/E5qNM0pqUIMKgu+I5sA\/1d+JmmvGoRZQYTQTUa3kxoSS7rPzyV28dHyfYsyZ6xH4xX0Te4M4ymNWY+c\/L9THfsDN\/oVSD593mlv7UAAlNYa3xzFv8UKd\/o0wqF1apADEX5sol\/96BK9yt++kADu5RkL3Q9suLz5lPpANm2QRRIs8Ow+4yzU\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\/1UR7mzFGAx9K\/RIDlF6SxU6mh73+mMXE0JVkoSTGdIPiDILMtKbfWz72\/UvSW7dTt35fwXmnQwL7He\/RlLL0\/sjJ8vBxcVsv7+Y0XxXaeqzhRtNiCnRgUcTqfLUOJS8aBbh4HPdSKkdltzZb\/S5Lper3Z8zxxuZkIif3ZJ\/gz\/T0iQbX6Et9RMROBoUHjPg5pKYqkENDxoMG\/MC0WVGiX5R06OFe3s9dZ\/ozvLZvYcEZE7N7F5n9sPRwd+I+59lPh72uicIxFdChXuEOxCFU0V3rGzpol1Y\/VsMpTxsDCKvlfGj6qXugNMGkxmq51kciXtj75pUlzwIMe6kQUn2jTFnukdp6OPxrp0T4\/lDiC3VaK0fB4xi6LdOz\/EwCzEu7lICtRLOOwfKoiPsMnC\/K4Myo47r7qgooc6Dyct7xyGHbGYJon8e+PQMECksrlAXwIcA8LQoEysxirtgk51VSp5RdhUCampTO83NLVIjW6\/5AUld9ViiwVRqzLBg7wtcqkBPZd3uqzxG5sC5MeKaDzMg3QKygjiklub6zdiCWJK8V5PVpgiHBa0as\/kw\/NbzRIp8\/DH7U1o9eDK98CHzu8jiLgQ5n1w2IYkMJA1JpBIvlpsoUz6Qe08g4O6AzxZi5RyC6\/8K7\/Ed0NrDjr+G1S6iNZ+qijE4QRaBke9Co9IWob47jnSAaxgFwziKOB2hnQn493UlWhwDwQZuENq4DusUKLl4gaZTo1LvBrcu9EW+pZ0sdlBNW+e5bo09BfXSYhwTQVczSoVWspRueOrFVGx29DRpvDMWXSToev+\/5dhguN8sE7\/6r6UStt1tBEq6JkIdV7o\/cGVmADZ9PpG+uKpSV95fJQxwhEgMidjt9Nuj7TkbtLKuomHY1OGt2HlKFszmF624Ixr0UPZ7oS0P3i\/BbBVqEJdJZsiVw4MhJvqQMjH63aJ9Ie4EL24xwrBjLm1YPTGhWjPxzGPCBhmgSj9u3DHYv7ANgf\/CwtQN4PY6wBmanZg8AFnKkxZzdFSDH5pdfVl85gHQh72n"}
00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739317842,"flow_last_seen":946739317868,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3187,"flow_avg_l4_payload_len":1593,"midstream":1,"thread_ts_msec":946739317868,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317842,"flow_last_seen":946739317868,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3187,"midstream":1,"thread_ts_msec":946739317868,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":946739317869,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":814,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":814,"pkt_l4_len":780,"thread_ts_msec":946739317869,"pkt":"ZmZmZmZmRERERERECABFAAMgyWNAADgGlH3DHl4cCgAAAQG76noxQgeaybKGNFAYAfV6GQAACB\/j9FRzrXDeV1gMTvdtnDbaxVBoJBh9cy8pOcYrD8iqnoIgGbCFSCgUCuevEmCLqMD6ndxwNBjeWxvehtGcTzYfxO5MsUhftQ0+dqR1WhFRhDtmvuIG3Q\/1JnJ+iTTGKy7+d19ANVD5kJS2Kbw1kq1CCeKCETSjOhUhw85xD38cYnUuHGOyMgN3a57KOUyOmb4EwXoByM8BsVlxu1vc1oPozugCeie0GDWpbdeaEmjgROEgR6DsCHE32e8OUOXMw3\/fTV5lRZlHvoE+WIdAJO23JksMoSbzH5lXNpwBfPg5fllHB2gzZy73MltgSTbtU05NdkOcr1ZFoqdQ2V7wBDgCUult1m1frKnm9RbG5so0kMdI1K2imdVR2omx+E2ZIA0aLFwNHZ87uVzv\/27AUYdBTlcNoD9yJPyo52+VSIEhFJ+iC6HMt6T8vMgHE9t8doC6zzQ5PPfhV0Y\/wHOciEZ1QCJawdjeaWA1oK+LH3dEkeN+2N6ZvT6aGJRirsBAqqpY1jcHkYSWOu0YNfkmmhcDAwEZhRt19HF8btCDpTYJhT082yjULJw4KauCEpxSogJCDv0wIm\/nxsgKWJ5swMbqyuXpT7mdSSff3VOjrgPc6f4pSWMC0gPkidij6lKAHSShm5G9hfxPyAE5LFfSUSjOyv6KeU3qvvH\/y9kOCN3ZJI34MmNCSHjx7F7SwgBhT+XBQWcGdTlLW08ufWjBpFEV0wweQ+sorOCpyYk1BQhN7aPpwW+8cPmzhDQyCikmnIgsWh1OdzHEfXqnhQmoNEJoF7iPcZZ2Q5XdXc7TB5Nr97MOlFTANPGwh+Z0IQ0oeyTOBC76R3rCyPcgQuUbw2ZmngRvKZCro22Tf+lTL3RL8Wypoy8hNNZMukYZOxZV3pu1hHfTdtt5At2T9yMXAwMARRSoalzVajpzS8ANj2fKvjjGfm\/L7CaKj2s8TbmN14sqePDJ6R8MH8TM+nnzmnQKkuZgpCVkmHfyoZtoN5aVAw1RpWQU5w=="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":946739336955,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739336955,"pkt":"REREREREZmZmZmZmCABFAAFEM0dAAL0Go94KAAABuelq6LZCAbsgVVLXybMJllAYAfbmxAAAFgMBARcBAAETAwMcr1WdeadOHog3lEpiodEeAcm2gZJgU0L8O6YStA7tWSAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLmRuc2hvbWUuZGUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgsGpq4zmMsA+1iGgtz9f+LYYNyHCIQZ\/zq3SyFDX6FwI="}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":946739336992,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739336992,"pkt":"ZmZmZmZmRERERERECABFAAuAvuxAADkGkf256WroCgAAAQG7tkLJswmWIFVT81AYAfXxAAAAFgMDAHoCAAB2AwOH51VjdKQ\/AZQoSOmoC7jYQ9n9NqAbTWqEvktHdZeP0yAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnBMCAAAuACsAAgMEADMAJAAdACBHlT\/ckNv1zu+YfSt\/zxC2rtSjIy\/UHNmUMGM8UGyVRxQDAwABARcDAwAgwilHvuszxY2P55AdC9vc0WNmaI98gk9UASFHh+rOkuIXAwMLGSaHw6LineCaEcA9j88fiSZ7p3jmYBOCmFwXmWuJbNVbDX18tcQr3ZATZwug3WdQUgZQuGPbLNtio7ePY9WJu1m+mcBvlmSf8p+kNIdmks3LygnPjDC2c6UxorLMoKdZpIF74n0UwdI1haIk7t9SxqKBNHhLqhVzXfA\/gYf10GXPi1hxhIDRS0KcW02uf1aHSSQNM4lfDYD4RpVTTVdscI7J3G592b5BxWNyVv0Whq0mJ6igzcGRSA9ve9GnhfQ7PQUMhLbnBs6Wh4\/E06aah5j\/y2NN9Rc5DR0mq07rU5Ce+\/XxD4lUU+ekKKMEv73SbncelyWJ8Y5vAOXrDEqq81ak\/UBhx9qx8\/JbLt7htRmRK4POVPXjov3f3Cr0\/J9vWUZrGJZBIzd1UHWlYZqWZ2e4zJnIzt4CgmUiyp0aneIGvtzNkXr50R32ENIRIAFyE695Wqs8jERpSPGsHn3huPrLifotNcrG9GhWfn+P06Pt7D4zUiFfvh+LyEBgC4g9mLo7FFTR9ZBh4cvU6KR2JbkcthJ2\/eit4GXyWKglPq9JYKNPyFUXXYoA+haf0kKxXZykljYvB6S+pRhq5fgW9P0TnapNy0IoETL\/FsgOgMCO0tJLa6wJ+moPbCUrnqhRlYqM1pTafI1RDq9YRk8QTG21gC3tmzmBSfh\/ZYdFQXZmYXvWfFwGRjyPIT9+zMlqq2Pdp2JskHpsbB\/FwB1MOL4EMGO2rEvqAN\/G+LUDaZwDQErYmrvokCqs5wzQjVzO+vQiri8OiX7KtSVymFdc3QbFXkOIAgL4ZCdwmcaz\/rCx33yioKUWWt5qTqCZ9pmtXhl4HcAp8XhgUIEYBgprpf\/Ti2fp0ElRAFLFXlwNoLI9iggooHHGhx21Tg5YhcbP60KH\/320Ma9w9iPFEDojm9a7Uksk9S+uRWv4OhUAAYKjuWZotkEozfx2xPJWhN+3nf+Iha6M\/PTSY3MMhm1WzIZxhGYM104LxfJgMU8G9gWojlgvjhJ9uq3S6TQd83u3bJfgu1uC+MqFUVxe5NSUl7ikQ0I2+aFOcROfwG1sC6mO3ReC1pSOUUz4gO3A9SSBBDyhLMPE7cirAIcpsT33LqFeeSDEu0N967vwR6xVh0M7jpo7PUXyGgThPlyiOpRF9s8WGXtAs8kIwGDjwgfzhZb+5Ica\/Es\/V\/Dcco2lqRgq\/dcAdyZM5sv0arfbaybN8N7gqsGjPTm+jzsbUO6EEvEXHs0ldZG8m8mE2GFXoShd8wgIhqj+fRxwQgiYi3j
FhqxSX8HSBaQWBy4gUMLE10OhfyAXvg9pZiOtBVXbyXYhifDjhNa8C4V7nKfsRjcc+IPNLOUCpNnF7zVC\/0wEFNmAysEgZKbiQ7nvWTQEj\/4XkHTl7q+V1nyze+YBcVwnousw\/sC5PPMkFjNe\/rVKH6Nl21Xz4CEnFJQWyg9SJCs8VgXn5Gx1la2fl1eBBcFXXyYGSGvhO\/t81KOmn26l6yIAJ+49g5RwCWqzmcqOfJ3ZxKGRw+Q485Of16n26ALDBRuhLDlJPjC0rbaer7p0vcHW895cpbl01o6MkW2RA6neV7IiozPr9ltdIu27V3GvvBr7fVargxd2L+tYgyfTl9\/WILWXDEQZ1hdvd3QHM4PdFHFrVVzTGEggsJMhAt5dWLBf1xkH6HOVjXSYC7QWsq9x8ZMQQFScuqTVdGfJ7phQpuljGNTYHS3Fr6g3GHbNodTeleAa40XcWPRR1QvCNrU4+1mAEfui\/VF5yCnzl57O6v4AZaL+xkQS3bq5TgH0cEyHZIZPSXLjPO+kUoZirl9ExMfDKt7TaVQdS2YK2Ak\/Zeh3+0YL9HobNvrh9Kdgz2l9vzkzpGJFhtkFPLbfyoUqy9qVF5BYXMDsDNfzLRqQCkxTChoU3Oq5WC+NNoDfVEiV1uqKr4CPZT+MhJo3dMWH5rs\/NiqvW5Ts1TD9YHqyVEww4VuTJUEbvVoPl69h72o9XVtS7KLsKkPydjzTTKhHgn+fyRDhXnwLBWppDpzlYOaK5Bu7LUZ7jwPpDGb2uHb\/NdM6kLWzWHLfaWGXR9MiHxj02STxuaoJkhvcxJyZ4jf7EzDEtGtwrRtO9550RF2CTHt4JP2DLjHk039ZthYCTpxRqRekm7pNrIMm6JYaNTmH7DS2CnClfcodyWQo4n2PKz2RufAiyCR1Iovd48L90Pg2ksKOnBbJR09P4LdtuhxQLd8MMrL6a2NJAZcO+1X34ekx37pjBc0ECEHI\/F2EsMCaSmXvfpKvJDUd4hm6Lh+s4zDGKyYb0h4IN9C5WV\/0KBLeUKLuzHg0tLbCpWl5JAtrGio\/3uzgZW3lPesajgf6\/6yAiqz5a5LojXhnEilNNECArJbZRC7dxSLQfHafj61RDK6iVUhWyQIyby8NmvYxyArKL23gG\/dtpUv9vzD5buro8NzKqBt4kyQq5AyRDl9Pdx90dbqzL\/wNfIMw2mirNqhLtAV3Lcmt\/A5VrjLx4ZixfonmUVwV7Oggr8cd2H76iCaLM2zov\/KSvGOLzKOj0+VfjyUlo5Hx0LkrFyR4dGU8OrY4\/30wah66XxEoGD44ZGGY9mmIzDkQJmAUZmkkS7CDbDg1Z8FYCE7np6+eulLdG560xvNnTNnZupEtGdS5efhEH8mvJ96YqbwwP7SeMnjliahQXu1+lakhVlu8+nICagunD7qLvS+Fg8H3c6rjbWQ5ju6044gUUjdx9m9ucGTb1DOdOSzatH4eu\/xj8ZAYSsVq\/DNz\/DBK6wsphchGHTe6SX3Win5Q9xfrgZYWPZHl0ArgB0ilWMiV\/ALLyorbVNLl9DHnMkx10GmbnCSrwAOigo8SWLMZlWe1j\/W9cK63Ok4pAEypI+tsaU4+KGNcg\/Y809pje8RhsRhZyPyRSO4W7\/HH8AmTmAipBXMFJFIlbGBgYuDxl\/k3WXdS2IEVB5uVrdrK3IuYdnPCCcVuL3hLwj6k9lhcwgEM27zriQrtCvCjvLyB8dJvyzZCywv3b9Z9hbJbpIZQI3lMz+XJWCtXR9B5wT2TiwcFkZLA8v\/Gj2OeLuTROa+JmAs1Cy1LT3LNHOmrtPT6ceYpz72COQRQio7ykebG+XDgiLiCvhnLtQVxEQCyclUf0DdNX7KRiUsNtpm9qhk\/7G3HsLQ++6h8v1DP0f5LGqLcix7u2oI33Cf4OwaMqtYGg3yPzbp5wNZ8XB9tSXKBPcsjkv4tUNMLMknHSDtW7RBZerB5eu
uv2oYXeLw6W1kFDZQwREcwkkkFkPaFTf2R0OaQ0s20yEJ+2MP7zAUxwADciRnXdaSacxi\/MFaNm0cuKFuTZ4y\/Y5UDPv5UQlN6az+4ZYU2R4xFvAktPXCaDzYwhyETBBXTQ3kCDrI2ulxdBfYOIiMYjZjYc8xv3tq1mBsJ+7sgbDu2gL\/fzU\/XzK9B7Kcn43ttHaGeIj+jaXeNq015DYfGa1PFCW5NxEG6gmnM2Xks2\/Rnpc+U3EocTaXUc80yTiNXgxgwYfe8v7xwjDD8vmvRwIAbeusZYjtv2\/kzAUu4e+OEPcd3Jl7OxogoNIIdrVgd4b6ak43cbXB0SXrSOX\/1U+4+a3+9h3qxiMRT+7taHA6EbLauuw0gFFTQLeevuvsRegZK"}
00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739336955,"flow_last_seen":946739336992,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3188,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739336992,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739336955,"flow_last_seen":946739336992,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3188,"midstream":1,"thread_ts_msec":946739336992,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":946739336992,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"thread_ts_msec":946739336992,"pkt":"ZmZmZmZmRERERERECABFAAMAvu5AADkGmnu56WroCgAAAQG7tkLJsxTuIFVT81AYAfUY7QAABNww0uNuIsxm8qmdOPnMYeMk326YaxrhZ4BeE0iQsCOXpRsiKt+zuMH\/p46kXln3RjaOovnK3lxdaHFHnp3StO0w+9qyP8dfRt45iKXPZFHyuSZwyZICfazc2HX7baqawWsKHZ5R1vywVP6AqZpQ8xcDAwIZV+38qSfJjoOS9nhUEl3M5HQzO5DKRWLOqxVrOGS63iBZfxHLzBoty2qy3aDDfnx2Xca0b33wH+vr40qRx9mkz2WtuJs2PYtZyC6YxK5JHe0kUVYNQ8e0DmF1+83AmxFepTqPZR2RfXf2xtUUMst9Opu0LUgXejoef7ambf+g9Hfx1wcIPED7otCGjweGJmU4YxhSCmvm\/0prJdQTwLXZC1W3mnq5JD37u0ZpUZMdfulvx59AlBuxI9dDcGROTozpsYCeE9oOe\/+Op0XuIETBK4vQLjS+LqRPSPWlSzl34Ie9Lj5RtzFBiCOGkmC7wa1QGFdc0GBzHqe9X2VH4rhHT\/IVDbq7gKOuuDcZFEQo8KQkkgT\/bghJzCpIQIarVLOPJxv7EiP8jhgdtK0VY7ia6u+987fqrobyPuMatQbDO9AYRrsJJ\/ihFxuvGwFO0eh7s9vftBi8t0DzNQTsnPfAcZ\/ZhEkLxw\/vJIZfSRisiciHHsUp4piy+90mTdN5MUCDY5ry7DKAw6vfyOQHg9r82wvKNjwJ+rcekPLEv\/FHRvy1AZ1HMnW6KZrjJNV8SoDwDvDT5+zsDiOQRZ1eS4AXXC0O32K6gqAACjcqP2miu29e\/oaEK6\/b1NO2Ve4\/XFw2LcUxmiYpmfORgcrg0e71Ts168PRZOrwhuw4jECElrQOXPiGerekKt0pjC\/PXBVUwNa02PEriryGUFwMDAEURcT9DfIBolrnsJBL883VWax5ssbCevOTqwONlZ29TVRgiw1ubDPfUhqNcVCvs6bW1xyVTdeWqdjyxvrhijbOm0mBmopM="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":946739348407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739348407,"pkt":"REREREREZmZmZmZmCABFAAFGD1pAAL0GczUKAAABlTjkLYysAcV+b2P18dMOKVAYAfY7WwAAFgMBARkBAAEVAwN1j0zYbg0sj5M3182ApIbVPce07i2k0VciV63ZowCdCSAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+QAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMi5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDGkG2e0e5ygLjqcZTIOnp7CQIXlvblqyaK24BObKyFNQ=="}
01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":946739348519,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3152,"pkt_l4_len":3118,"thread_ts_msec":946739348519,"pkt":"ZmZmZmZmRERERERECABFAAxC6ChAADQGGGuVOOQtCgAAAQHFjKzx0w4pfm9lE1AYAfVGVwAAFgMDAHoCAAB2AwMRVjU7SKUNCImmvfttR+GlB5jHaN+TnBAPl2NNilPzIiAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+RMBAAAuACsAAgMEADMAJAAdACCw4eX0v0AF\/2ysIrFslRpf1BB8aJflBi+uBQjF\/mpUaxQDAwABARcDAwAgSKLdPzNvW2jgnkkt1ArGKeMX1pOVS05PtE3+\/eUokuAXAwMKE7xrj8Cd0gecm+XxCtcCbfqp0Xw17l8bEv\/shADxxxp2Bzbyoz5R49XobAcn0zX4NMbYWhifQlUUPNi0pizuvO4Z2uJ7BgjBOgi7uGW9+EclkcQWPWUejxuRe7O410Q5Df3K0lFnTAKG5Q8hFQzWRLGpFNFdEHr9f\/gxxabZC79EC8Yp0yPXv\/HmMDXkQ4MFiklGk+tPcmld0DJxvUQMzeQxCm86Y50216avc9vAu6fj0J+kYdXk7oWDmD2dtLnR5EwpZu8cRY2UbUkl8ALnrb07VMOoFJY7zPFJIjuPu6NJRBVNZJB3vE0d6+a5PM4g6gDBfk3e5g98tlFHWiMNmuoZFlZFFaCJemgWUBnumrnynKFU46wjegkqBdCTk4d+NWELHpY6VAZduP79nQdaN3tx1a2c01muRMXnx81+ULomH3\/REIZL8cJwn+2P90vZcz0nqHAdHNiNOVCuiRaWyF4Wvtc2sEcGUjXGdVCvWK5\/TAJXm0J2jHwKksw9UwwmgBH2L6bGrwRyHCJ2cw2hrKj3bjjl++Bt52RqDx0PVra\/rDo\/D9uT1POR1MaM\/x6LwSGCpAydntCKtia54FgA3Uhl\/nC30fr8SinEx99ZlxNZcUwMiSNiiKzXEm9FsWYC\/mMQzJV1i0LpOAR5NQqTWYZcgE0\/OveI8ff5IAowgJ+Hh\/4cxgYyfxncxnZuou7BNW6vK67qt4eHbNzMxkGd+MYfZPjpdNHgl0+9xwS+qPx5Geun7Q7WO597TYhUFRG65T4qW2mYIUwL1aivadFz0v3ufWodzPjitCdjrW\/CjxtgUeuQtpa9t6KowJyhDmylZ7M\/A\/0JA+G7fTgIe1TbG0xXzz8kDHjrceHEBB3fFYvU5PKsGoQIH7p5mVRtoWylDhNC8a99xzxvR321Mh05C\/rxybySPX5rS74BeJ3VVwh0u5wrKR0eaWETinu\/8G\/XeeDanjx9v3DJgHY+pmOJ6EfJAfykxOYeiP4203LV9khy85bpP5JKwpS2QMRmDFSBHdsHpJDRK\/DdvVbwNlWzfHpmLZWIHourYiO61Z3oUmy4jI6OPDHv5EeJ3GNgfdU2yVIDdXq\/feGnWjZ1ojjDmfZzX6Ga4usOS7QhUW\/qRlMWXjj0hWmVMuLgwxGhGIXFKHCnNkMvxhSfzVsE\/fi2RWPnsN8Y42mvONkcXcfz9fwVNPYZJ6vnJUdC38oFYuyxT6LU0tUbEwaY\/ADwFl01XGl4ZRLV0i0vW1o2ORCGan1S8ji0kjp1PF5SgkDsz
Y7oyvcHWR2j4C6IQfUNuW9sz\/BQ14X4v9\/xe+MBb1f30kVxu3I5Z5sCgwSJyclzM\/f\/w7+dPBCbaDnko\/4n8h05Ca12TAlFGzHkKPnx1A7nHgTXQTbJZXVUHU1yc6wwHk03G82kbZx+9FOzA9UNN9spmOc1YFepJxRmeK9M4veJGaNpfRVGQg2bta2RYDoDQK6oksPTzxPlWmkrVyuPbKNRQte57AnTO0NVTFr+bzDGOQFV5KuQbIF5hun\/LyUUKo6IgZruMikB6RR4IQ2uwGAocW75mLZis5bpZE122ilxmqMjkobAkDhx94FariZ5KfD\/Dr73ksFu0dQOrbgEoWdEDM1QJlwefbcBwmDPAZLTV06HvqQLrQ3a1J+ItnjBF\/3OcuGO6PNfCT4mXVZw\/XCZX37Gyj2evv5QnGXPK1+Sz2Q5HIbp4HDap\/+BBCzFRfzqg0GnGl3jD7AOmoAQDjzGfNFmTCT3IVA+v7COJSJTgvupRfK8IGZ6AChkDUM1D7TO\/gBXEdODTbF1kgj7tfbZE7QwEaK830652BNyQJGc4RRNwEbSlnyim1OuU6TMP1kn575di9kDVNjDx2AGxl9r8\/Snh1yll75FKAvMdPXTtCkrIgF4ok5dKpFUBKte07uQ2NnmiDy8tXArJDdFY7b0nRfBceQeXxY+261VTVS3qQ8BgkT+EbOmZjAyNz47hC\/w2WDlet\/NE9emDu\/WKqWCIy3yA1831JCwRHJDtJVAd9ss2dknfVJUGkTZeyaziCfo\/hUPLXsYyHku+nVEJbqNRpQOhPnb2jeGQfmWpk2og0U8kSEHESILcSFehIwO8Vb02doDEPxmjiluOoiNj8DTjVwesJzOCze3nnZ5thxuSrDhczvTCxNeMi2LoAi6IHJwv6yKmP3cCkUEWe4z9AbWZf4hUxJmNVNy5Q7vVV994JHX8omBPWK038vtH5PW7a2OYFKIdjI2Yz6SzJZ+OqlYbYFCmqa0c1eGXVB\/8TqdStQuai1fU0TE\/mTy2FB8c7NSR\/VKsBC8I6sIjqPn9nPpsLX4Aa5DuM2tqeuJozI3MGtgrFFDrWyvjyt1h\/ISepVOPB\/T+JPzE5fwBCeACmNByH9IK2FVF9+wHSMnDH3Rdcgq4pgz6QU4cUluqyfpyzHlgAE9GfUnMqJiECiCuREVqACQxSZ7sa2wTa0di8dAGzoqN4wIPrx\/temySP8MWqmu\/laj2zLNnRd172onl\/m0hR+U8Hv2MACSDGStNO4O5BZwFSeic72yCVIqhVfsgHETqQg8hlMMT17c\/Uj9ao0O73iw5Wjk\/7cB+lK3LZb6byC2wyyD+pd3TtLmM3qgg8MtUgLGKfhsIhfUQTp\/XqEKFU5NCsHHu5VZEHHRdrJOXdW\/pdNLP05EW9nsN0M81ZPdlsv4so8uNoBrTLmnVUIf8Xa\/+SxfhPXt5a7K9AzUWWAjnEVKewBClu712Lm3rXDDG8akrRqhMVator6IljVQJj5vEGH7cBag89maUZ4A+3FglL2gnFPZqquwNwRZ\/3ZI\/mK3YEJZaZg1I0ttRdpLCWXjXUB\/Ipx3mzzk088GloS95doYpwADCEaNRAt8ezUks5kQLYjOijiV4kNTL4MxFeNVH8TtI\/eKEzXoMQeONGsl0ElE1PvGiv8WDRmkmPVWFKUutMd8AsdJvQyoKp4+YBesIZnfv5oqwoZYzY6xW0eyUs26A2QPqxn4XpA6GW55Ed1urfGB\/LM4y6m1PQnCV91nOX\/rijw0hyc632Jc4nJK2Fy84ObW9S4LluL+dKVbnJwm07LENwwbm524\/mub+gizMq1y+sluBrCe\/URmcV1qijGxp4HTb+RHA1oHAF\/FwkQx5VCNkGEMN0VqUf0AhXzQ7n792nY1bKlqBB5bwOJqseO8f5u7xOkvAJgvo15UUiFg3Fs2KF6ThIQ+YMon+lnrc8ic+qxARfjEb0c
Ul2zxPZdn9Pk3JDZvc3FGGanhfOsuSbbIvGq9hrnu1dWnHdMIQG0tNqt5ibv87oqeA73DYcjrRkRvnmr+NgiyzjsYvnZnavg2SVhWLOyeYi6z6452amFOWjGib+uO3a6rOPS\/dTZTQ6OPLUcWKxkXHJYeC+Yo0LWKJwuFiHg7pi2FgUOZ1c24VzSrIDORj9fOesNSZQSAFwMDARkW8VkjAKLO1iVO3Z32JB1I03p1Xf19NsjcozTvJTA7tEC3r\/iX403MlEBRFX3aGlXo2cYSoUTLuYUpZWzaPV43zoko1HlYoj3YCwOBNXEdg1n9iG9nfj9q6\/IWDsPyy9SboWjcQJVD0zE5qJ8DwGucAIvsQ7D0zCtLvnxWjjpqSDdb9tOBYDpaZBZU8KCwR8LHjkKDpJkQyCpohil6861j3biEmWgZIX0h067Jmu+\/GI2jSqgEcF0VdDgb777Odt1jnDUv6rPpys\/KpOKpGwd1sOOD1atUuwZ2VWxJpoQFOVZofLGtGDAGLonrwSCzj9\/ObIFITDrXAwr6TE8\/SO2citlABmWDWJNFMQq1IU16fmzPW9wZ2jhYPxcDAwA1KFs5Si96rO1Ec9S06xPPSvxONjZOZ1eDJyi5V7B3adcTvi5GDWF42J9ne7Y2tNbnJdDWBMM="}
01082{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348407,"flow_last_seen":946739348519,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":3384,"flow_avg_l4_payload_len":1692,"midstream":1,"thread_ts_msec":946739348519,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01086{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739348407,"flow_last_seen":946739348519,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":3384,"midstream":1,"thread_ts_msec":946739348519,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":946739348521,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739348521,"pkt":"REREREREZmZmZmZmCABFAABoD1xAAL0GdBEKAAABlTjkLYysAcV+b2UT8dMaQ1AYAfU6fQAAFAMDAAEBFwMDADViidEmWrIRj1bupCYNTHJ+IR+sbSf6KT90A8qW52RQBURyQL9vFT6E9CFjlI93BJu2cr+zKg=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":946739348961,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739348961,"pkt":"REREREREZmZmZmZmCABFAAFIPztAAL0G074KAAABLZm7YJSCAbsJfFJ\/n27j2lAYAfaq8AAAFgMBARsBAAEXAwMZV\/YJsl1KDGHp6vinUuSzBgwYUj7HikeN2yT\/6PXJXSCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zc2UuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILqIx\/2aPwjQ+1CtVREnVkbTOyfaXxjQI4MYF1wNoZlj"}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00915{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":946739349012,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739349012,"pkt":"ZmZmZmZmRERERERECABFAAuAVvpAADYGOMgtmbtgCgAAAQG7lIKfbuPaCXxTn1AQAIO1KAAAFgMDAHoCAAB2AwPVEzRRR6mT0E92uybAnGbGZWeWVD\/m1\/eNOhfsedWm3iCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/hMBAAAuADMAJAAdACAZ+iIImd19O1rP7adwYQe9xC\/+1jN6jL9eBLofHG6SbQArAAIDBBQDAwABARcDAwtedm5F60tr1KSpSWgXMdmmX3Ys4sUEWudZbc\/GVmqkUsaepFDQQ8mcPIjegsJEHlTqywqGyBqt0c8EFI9PK3y9wMc\/+3ozr1s1L0Jd42MTaMhOndcbb8aYEnSYi\/zIVpLn6qdOkfyxUEfDDwQC7tdpz8rWkLOD8s1Gc\/+GapP01LuZUSoxJKMEPFivq1rS7ax5uSaTQJul+x0Q1A7WKBQI96lxNlKhu8S\/F6aiQdLb9bng9LygmgdlJ0IMNTAzSle754kwT44x6hxHdY+dgL3FfpB162mfDfNtflZ3mHhPTnkpYtlwwqsdseLzRBUZP3Q4Ja18aDfnLKv6lwZqUkYqVbKbxYZxo1iV+7HgYRo00AC9h97+\/fjdDvQp1\/ZlgGZVor6fI\/2UbNyKd+CKXq\/WxiWd3cfOC5mfsohQgZfh0mCkf9dr3uz3ujKCV4y2skvjk\/nvMYWaCk8YYJ09fpkBhHkvDLX34BQkxdq8SFFlf9KC0xLeicU3h\/prF3BxKbFcEuJVsTQ1IwCvvKPttu9bXK5Pot+r5ctGacxaL2PbnIguGLNO3oXuqP1Q9c+9bIOgs3SrVqvTzY6u7z71LwLT4lIRUT1tdFuzNBsI3uP36b\/9IAg3kdqQ6B86AhSq6s9YI9cVyIl6Ij\/v4hTBVX3z6+HeVN1ZOCnsTQ5pzdsr1wh7Urw2Dq8ujiDkOD+Fou6dMOYoID0SKEwKKw1eszHLhxLaCFy\/r3d7Go4MVMtt3WT79fbDbeLxIVt3hgCghutkKtcuHd5chD4oLWELh6tM9hPl+4nCK4m\/+O5cbKg6OL6jCTY\/gO0DykmoFGAjlffWT5qFPKGIHd1y6jfLFBTeg895J4XJsRYeS8WWpPvi7T\/OrrEOEoSups8MYg4y47m6jBSiviaU3Egrqb9OmbARusmAkBOc+b7sPEV3vJ7rmbEmSmp9es6Ma1hTLKZ1zLv5y87EpErdv2GmabDERgys3rQli1zICByjjT3wKTtOmnCFVus\/kEZ20ZKIT3R1SBoRFrSMK3NkxEq+liNvGGcf+EHNQ14qDPBLs0m+Amz59cCkIeFxK62ZDg\/D8+8JoEQZlyE9AWaFti+8vDVxBObTHdc9i3Kw7ewteJw63QBC9EWl8n8clagy9wb+UFjl1FNsicAfIiO1Xs\/Zye+Z2EVvEt6aOGsYYXUIiuSHHHy+OTANd5q6FtSmxH5d29V\/RRYtUF+RFNqvu7jCJbpfY4CMi\/uFQpCXgIsM\/FuZw9ietB43gXYBJPigmUjQOJrnl2aOEVZN25twSZkyFkDyfGhTbcdXECqNFF8TnC98sE4z4cS
yaAj5eIgD8KWiILJX2yoi+dB+VLGxM9ljCfyywhEqQD9FxwMPenX20RdEq43Qg2oM44SbTOcaPyRK5R1+UoArEareBxTtwbIj1\/gYPRWTkZ8pK7ELTpeDzq5dz0ptJVwSUIH0JdKkVE3RFHc7LCdWysSVUeFYgHXl28Deq1y2qizxSTQTQGj788zPkj9nRqwsew3ffxErP0pR2erOmxzmRPzUcbJ79H2yupuK1CFndSabVcPzkp0n+2KlKx3Rn8tyf\/hn5qm64LAaVaGFpUoNBQQlUEAUYg9kdMVxRV9nD92+mrKa+2JReRncweAA5LhgzrfrEPwyc1B\/FBpBxwIyV7Xy5RQehy\/n+t2tqgDOZsROSPZV\/c502uShsqQ80dFUM5RKxh0mzHQFM0OK4kAUJhq4wyFBHR892ibgw3EufqDFUX7y2fDW3v9sHJ0PjEBQf0Z+LPQlMJXmUS7wgfHtNIgpjboq9\/XXfFayEzII5Ncg7bWrTiyo4JZFWiVHcfds+TlAJ90V8nR81jNjJjiPpWGiw\/wBoLReBkDgcemdC73ykLweu4Hz14TsLOSuTZsu5EZr2HV10q+61hH6ogeRQcst3XaFzwE6kceLYfEcwH6tnp0hMB9x62cNInT6JQ8Ps6Dsa1MRUtnCTsYL1E0KIBY7R9nY7dSZJpv6\/qCWpPnVEfxATo177u2nsXiV3PW6LNV3vcyinTzbbKWNsqHSX\/Rxrwf+OdHXgpeBX43CwbB+Rl\/n0BchEVnzKV702Gf9HUv7cdBb0q\/i8hYFIFBzZttYWXxvMMCuX5vFFfZ+rdfdvsqESgmVU60GNMEWlpOcj4wiK5O4Sufp7t63lXuXFEGAyK\/zCX6bTsoTK5InJmYeoxH7z6vro\/3e6Rs6NXLtea8yb94qYkPEVBEqGEipZDsyb\/R\/lWwE43D7Aub6g9hkVbl53hLJGZnLMYjNGkky7jnCfZMKDiaQ3bMKv84lVUSDkp3sK9qeuBF1mmZVLhv9HAxir3SYBNQzWsBGcCUpO9xkV8FP0kj\/iTW\/FfLKk\/DKd+BUjaxMV2uhSSQCmVokip5q8tl9J4DEAniFz7fyP2MXZu9ul4s+9NyHUnr96E7oyJz9targa6lIbTNrabDpef+RQ95Jg3dEACMFcNChtfiB\/b3jxW+VTLzdeEUKMhmN9RiB66l3ilE2UeLuKgX3mDdaXzGma9QHxu929MG9uV3gmQHGDy5TCH2vSSxC6z2\/OmzDacBVelfY5Epw7lZBVVGZZnkHXtDZ9aRkPwQ5ycPlis7xyXgrmjnzVXCU2sPi4g8aIZETiD58CL1o5eQFVuuBNN+YXqwNw72pWFPr7n1hEhwv6Vw12CTiC6plOVTlmWo7Hq2\/pHWhiu+RR5lh+vtYdVwTRC30+fnyRct1ka9vbNMqvCrrwxYa5D5R79sdMZcHtogzlIhlvBA\/hEtCrwDCOTsOVV\/YHdG3yKWN4O6RFwnZZifYo9t6777XaaqBBnRbmAIh24x\/s0cQdV+c5CkmqhwnyVXuFfH9t0XQ1553XL2pziV2ZWgjNschuXZ58zhktYtAMF0VjgYyEW7jDxhCpc\/J+cRaztT52A0ytvkRgmQaVyJn+aLdW9sCq3AlQ8gfIfMUsOa4qrrfYi\/W6wC7p\/JpUVApLzH2mKuhH3cCajbIykaOD4hdj7uAYv5ROV\/V+1+PXMG5ia\/9hbHOgDJFO9d9IqY7KSn3C+1mBqumfNrcdhFQFiTH43iJKL7gLi6km2zN5cYKZjrmjbjv3JkWSUwYRpPDfBjgX5JiTKnp6do79w4bx6CpetzdKmLMsuX1smdlFu3kujpvbqv6a1KH6F4pTm1MQ5RJmmfgdquxg6OsIIvP\/kEDn+LVg8ZMm87yYyquFkOWwe1Uj\/Vi3kL4fPIR5niD5XVoEWohLwDdVCqKts+2P1GYyEHqQAMrqWmQegZl\/LhTQw4INPlPDFE
m0yb+KBOh00ktbHzCM3CFPGnzYO3alldd67nq954eKLkUOGB9MeSY7cUwdbulO4dr11zq3CmOecqOMxOt2f\/VIopIebzlUenef+vRdxbO4ewVSqUhsy+yoPWXBOpZPgLhhY3LxBP7ooDeCCIO0lcZB\/CBSyUEgiFK4lZ3kAGz8uFt3A\/vRHHEykEvXspKCwmakvQLGtne7shF+m0j\/3K2vxEjTMcnD1pU47tDCPXW32n5d+GKj1kQXvMBCTdCNuO1i0NSTDkuKc7j5+f6O6RyusC0fFzTP7MVdbXFBb1omPMQEuUSj0+hj0rK73sjeV5xq8OVFpFoURjJ2NwQsCAu\/jAm112150nTKknyPg+N6HqbvoOC0Wpkh7IwnBnV+fSTZjZ4AEkEeoKm"}
00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348961,"flow_last_seen":946739349012,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739349012,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00956{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739348961,"flow_last_seen":946739349012,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"midstream":1,"thread_ts_msec":946739349012,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":946739349015,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739349015,"pkt":"ZmZmZmZmRERERERECABFAAC4VvxAADYGQ44tmbtgCgAAAQG7lIKfbu8yCXxTn1AYAIOAngAAUbudk7Sx467B78RwxwixN7WbszxDSJth5tiFKuiBrGoB9KFJtYBVt1C9rFJk5PyiCKlQsUVoHGHAH28fXEOq226wLx4N\/Z5eAHXlqMB6V1mSenxLPr5ItjgHCvxui0hIr8CHs4BD\/dcyFi\/lJAfYyCLIMg195o3ptTftZf8UL\/yW+5j1eIJyx2wYxG1Bmojg"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":946739354159,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739354159,"pkt":"REREREREZmZmZmZmCABFAAFFsX5AAL0GP4sKAAABuetRAa5gAbtwXMMeYngARlAYAfbM4AAAFgMBARgBAAEUAwPEqi+8SizamcFZuiOMoqnZy7ZEtN03UH+nij+VYBL3GiAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIAlFpvTRrkboC35Gi6Kti1ZQzFT3L63Tg7Ad2VS1Z0Nh"}
00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":946739354179,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"thread_ts_msec":946739354179,"pkt":"ZmZmZmZmRERERERECABFAAxSLpJAADQGQGu561EBCgAAAQG7rmBieABGcFzEO1AYA+rX7QAAFgMDAHoCAAB2AwNebHWZixx0UeVpRBPFfxfOwpvxbfyV+ENeQi\/Un6YmQyAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3BMCAAAuACsAAgMEADMAJAAdACB1L93FSUikFZRCKYl+OoNXGHhZBDYuCiNIjz\/6VCChXhQDAwABARcDAwAgdZlJOwY6+pChCwvT27tLGZnet+yerzqND\/r13r3OLdQXAwMKE5aV9MRHEDXFawxN2Z6ZXTlxr30g5cib8A44fkQ64oQQPk\/j2rM6co+1b6nblkLeVstFbtdteXwKa840eY9TBhZcpregM8Gpq1oOWaP3aNoy3x0m7PtgdMXWTRJ7rBzMj95YpQgnRNENvlH3xRXTNJuz0OfawrfLZMK40dTY8qdEtSvVWaOv58OBFTZzds8x7Jv0lUMqTicPkVrWkLGPasMnh+a2IVbs4dzr6AhsFrB+RZ1Cwi3B7S6zzr3HKx3FQGuVtHh19izb6w3PsdZ173iclTsS5Bteswb+0EdgltfMU7tCCWlZhlMw5cbiqzX6GLMdzRL4kMNW6gZ94dTc92SBIwy+nEoGbWZhqTeDuHiAUARf+gliy5YoFjW\/PRAypf5PMRtEZClIDkjH3prUoCFGtLR5uf4Ro0aKo3ih\/KCyAGbVEIvG4bDrcfRxO0cIiVz1g0D8AUPbTDsJO+EPspEYZgIriHIBYFx\/k\/flIHH3EjcpqIe+X8XzMf\/XqWL46qAhN1cBUZXyVc3ZIhpeJ7ZcaAbPdH2pnTMTM+2Go4igirnaKWq3AflEDkSSdueX+UQOyAZUkd6Z\/x1Mwq9Tb7hXL6vtOYcRcpywMzYkakngWETbQss0CojZbN6WAPS\/E+Yya6CgGI5Mt3dulPgu8jNdumumeB1P2glp9qwQHuvHZ1QS+cPtS5x1raYCp7T5sLegZ7EBanNjOEnVAU4IhPuW0ciFUM9Mj\/BzgDWE\/hUdNhPhhQjiaUBq7VyAXKWvyO4Dx2Fel0gu0u32uA\/SHIYv4dBAj17ghhBMv+sGNC8NMtNWhv9aqIp0FgaNgTJ0u6ZahzAQoaba8gKEvhS9MXrxWiCXAHjt1VsuslTiTWmDXRn19O8C7v9DYdY\/x+ZHYaRltrJ+iDZDtT011nG9MjUMy2gT88psevKL0b5pLEr8mJZKye0N3pZbPCi7mofLMsInUgCJYAIJe6z94EV17S9g5MdytiaRjgrDRHDrubquER\/+3IoTeZlSES8Dx7zlXZ1xB0O+hR5nXJGyIskMCiVwzAersZ9n8hiUAXpNADMi79ZOaHWxepo2ogdjtLk6L5RJOzsW\/4O9s\/bE+P+1smYJ8Xz\/vrKCk0smpZMpgO1UV8s8gCIdy3Fy602DcQY72cCEk\/bea7v72CbMggpz6myeQuHNx9T5ZrAHxOyDqp4pkMAhTfD0dC3xg5zkOkSQr5pJx6ievuDl8+wenRgTssVF8J1H1XRwU56YwKhMsgqTn8eD+cywTh5zCo9dNvl9ZfH
WmV3Mdg4aJz1dYzmdkUhSu46Md5G4HmOnLwI\/XQbyhHcZ2WUU9mvD9BvjP9kn2RjUXcRT+d\/cwjt2Esxb2ENHpq2bs5raN\/CIbWH\/kUQRUUCpYL9CdmiBZpRtJPrOXy6iWAKofUme88d2tr7pTpEzcTLRU5BoYhPgOVQbcXw1q3yaTUVQB4Wvp1Zu7ruywhz7ujDaUupe4ypGeBHoMNq\/GonbnedBdKUd5q1Hau\/cYgTRejjU\/rutBsmd1TsWFTtw4Narsizl07q94yxV1+nrTG1gDq+RefJI3JM3SA8ccXZmrC6\/9FsgFjt+2cDWt4JB10cFksHu2\/ml\/dASyc2jx2disClcngjvd0YpBOF1xYxILWWqUHc2SCZLZ2Aroa1pMW21jKFGB4Ar1xpSSuVVcPsSSozoKj4\/j0FvDgtwJoY1rK5ezs7yUOh0iG7\/TmlCa9VwcqKlbka3ucK+EV23eB8BAhdfkU1ZRvrzop+h56cTHnAqdzA+huEFkYic20FxEaceaf8SUoyM1\/uxur0377YEwqxCUCLmkpdjf2hKaG2o6w6dX9vCExiNhM2Jlol1IlMb4fWmsojPIiIMoMr4vCBzw+JJJUMfUwOy6sleF+nP5muuQ5rVTMwbb+OCuGE2jDpUYai822DbFN3NNQkq3i2+StVf9WCISeMMwfPk+unXE38SgIx+97\/gooknQY70IX3TsgQKFcc1SEcM6rgwk5pR4rwHfer1xQNsM1RKZGf8xeZa+ag2yg\/IxDT4LymayHchHxdaigJz4AcxjPrNuXaoi2s3E1xPh2H1clb\/ZJJwrzY7BZjc1TQovWjOw6wm8GHMHRYPWaLpFhaLJX6iixp0BBfYBFzNmIvcsaGPhpGQIWG8LNHl1vR+XYpcJzMWemerQw5\/TiIwzhe4xLQ3Ee69tOX2fKhT1GAVUyB0oeuLgjlb0FpWzQ\/lyORIy\/GJNnRuRgdZy8RNv03eZWNeLTHNU8amNvoSqoCJx28QcG4ZFWjkiBlGlisQg9MS7LfxB5YDcM35ukvbr57gX64nw00G3GJe5JnYnqeIHNIuWQI7nvVvBHP3PfWTKRa21nyK90D70j+bxIjA68ylRrcDSlrq9zK60l62NWR551fMFXxuoHTFc7qQ+K4J0ESDuqw7x47BFgsRGeVuVNYexUC0TU1lBMwcu9BGg+0G0+duPvOP3aW+jzZAhqEMopcx946w0BTw\/+bJ5qiZX+nSvNF+IzKPfnXq7G+okmmjpg\/ianwcwtjvgrAC4pnZGY+m\/27CyJiTEi9fYvN2T1KGpFt19LfH\/UKHKmZdKRHhHpgpAUwyz0ixR7JCGsZBCNp7SmZtoObLBfKyYFLS1OdeJn33VC7QU5ZIB0TIGMOnasD1IIceFavDDD1uWjFat9U8TSvdQkrVOP0H+iiog+bscrfkzNeLsrOj5JaS96ZDARUESAXVBQE+wq3Z0J6WrNdNJCanh0R13lIIfbBO3tp1JQaYJcU43NTOBatEStIgR6pggN4HF+DO2dNPqB6DJlllwkNWiMSwaSg\/Qokswn+fLJvn7pPXb8ILKczNLht2jz9aEp0+I8QfJ9sljCRmG\/qdZknc3MVkUZCxQWgeYvnw16OCgKVrO7aXg97ZXgFQywgIz4XcG4cQlmlUgZ5vBckLpEq1wb47O2DC7oYeIkB7WvMn7pIP5qKMmIewtCOip18QV5mNZQ7kfdTHrJyhNEAXbfaMkBbJyAVJGCBIYwvhIF13Izb7B6Cmnolxq1r5eurWQOB44xUuJop6m5Nm5hxmATag\/xOQnBP8r2vNMxUihmUT8anHH3UfjXAY915xtFCA13IdATjUK5r\/nOjWuYELtJmgRJ2oeyJFl+xU3enOifKqvSW9w3npBMuO6+ND+s2KXgdXZpDonBBs70SsK8NzgIT\/8A0se3txfhbwpY2EseDOLiVbMtTN8WhjrhnZpDEjzwdCV8jV8ki
7+xTW6Ae32nBN9uRAZ20gpXPNrrgk+1oPaXal74NAuojgux90nmy7fGQvJ\/CCkJUFP2+xt7moAmNV6Bvh9GIV51tdhbag9+AtGmBI8WUGXz9QPwduT4nOO+Ia6cTJuP1+CL3tb+p6ijB1Jg583CQ8vtkm3Pw8NXcvYMcBOIpsKkRrBsD67+irg6nQFwMDARkSIsFlIX96rBVOSHF8j3nD4OzTmAKQfrZ20qhfNZw8PH0q41dWeUeDXwstCBpDPbSnxrC2ED\/1S7AKbK3628b0BuTXrCb9vI9IIN\/fjnNzXGCyCTfNGyQC7Z2s3ZZgGilAyQTgWS6IBv0X\/cXimIPEtNGeEgUfHp2ZiHChqtgUwdJbYZhYRpk9Vh4PP\/G\/geKDMJuF9LkfMNZa2A5\/kJwnnbAN+9JGdzxyQUZGqq8DCQqxQ4uAbnIJmcLNJBx9PHCzhhj8vk0E7hUaqEkvClX1iiIhNhFlmQ9FsqBvx5KYUvaVI86YI314BKZUdBn0Gn9Psqh3g3PCqYbuhSA+KXAHAB6ifkPpQbZxhpKA+yQN\/aKxaWBvyR8fvBcDAwBFUlHyM0i8aQGJ+PRPScWQmM6JruXTVxzLP2v5t10WMRjAfhtdK+kbZwmOwuBqS0fXovjROfDM5rGu95fh\/DYXUBWZSAER"}
00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739354159,"flow_last_seen":946739354179,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"thread_ts_msec":946739354179,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739354159,"flow_last_seen":946739354179,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"midstream":1,"thread_ts_msec":946739354179,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":946739354182,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739354182,"pkt":"REREREREZmZmZmZmCABFAAB4sYBAAL0GQFYKAAABuetRAa5gAbtwXMQ7YngMcFAYAfXMEwAAFAMDAAEBFwMDAEWXq32pwHEzhcGDp\/NKLjvxgMAkksKxKcFIOFCDodEb90S6h8Gu0G\/BLuFfZ5sttQB7HESBT0tBjYEfHL61VthvR6QOjls="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":946739374011,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739374011,"pkt":"REREREREZmZmZmZmCABFAAFF9DpAAH4GIdcKAAABdMqwGqhiAbtWR3H7NJTy0VAYAfbm2AAAFgMBARgBAAEUAwO\/FCTCx\/QYlyW+S6EGE0TFYQ1H3k3FO+5pvJMM4NWMBSCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKpgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmxpYnJlZG5zLmdyAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIOxloY7MOWvSgZ3hQaojp9inJ84Sw+igf7hW9Y3pU+ch"}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":946739374036,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3179,"pkt_l4_len":3145,"thread_ts_msec":946739374036,"pkt":"ZmZmZmZmRERERERECABFAAxdEw5AADYGP+x0yrAaCgAAAQG7qGI0lPLRVkdzGFAYAfXx8AAAFgMDAHoCAAB2AwMfdsQbzuiYRNDg0SBjCCwcHmnTX\/WaALeQBUBykWdcaiCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKphMCAAAuACsAAgMEADMAJAAdACCFS52dOnPWMZ+6KGOu9y\/QLNkNywSlNldrBcP9ygUsJBQDAwABARcDAwAkRYbUEe0KLtMYBo7DwIYWcyipqqBN\/bxVehyh0Sw6cb936jKFFwMDChoofwyGB1vpwXv7Xn4hXSbG1vtIeMernYPn5eAfJWckDiE1Vl5RxqW26TSWUTfmtG\/80SN\/HcC8sF8BZiFAAmCY47UJ7uXvVoDqw8BmwUzQhTAJ8CR9FaoGVeJsM5UnR3QsIEHqP5KqlB9iD+UdFFEShzmfIEBTbyB2lP4pQWBOWz2wOPIXZhQnKMJCxu1mnXifSB+KRolJ9fD2dQ4Cx5+85+F56fGG9StYfwFmGPIeJARJjwh49nZDI4iYWv+ddPBM2\/KJRuF+1TvTRam5R+I0m2+MFl1IOG\/mGs22lUpFRiEafHau8IgYwLtIsVJVRXeEF23eSSLjZSGlI+95kanzpb7Gq+bxaPB\/4KE\/EZB\/HHORaklfdEzQyROMT29wGcN987isDVey45rLfbLMKOZqZTAfIY9fCmEJfoMGXsfxScuGJL3kk9ktG5XOrDaDe+Mw8iBMs6aCgsJWCKp9AlmnI6jM+Pkj5pJEm1bom4ksHEDAz1NZ0ftN\/sVLZn9Ug2C7F7lT1GzkA6PKlKc6EZ2z5CZ6jJ2Z6Y6MlAZziPoOQu4qTh3J+nE8GcgGOJ+4zh9BbyrU\/zs1GjsbXVkHAo7jDaYOsfbK6OwpKfl4fhdC60RX1KjskIAX35OHA\/IXKzAnkgHHInCPGyjRoDeCN\/xxIMzVFrKXTCwf2SPOaQSeCd\/JvCgSVj\/dHhq8zdYnlFf+z9VXpf9xqp8dTGqqOXUGFnDAdjBQ71FnqfI6ubmeRFAjPpvyUbaEAnejXwHU9g6Nb1kInR39UeMaOlkv2XbX4eVVedQBnQ80TEebS+RYgvF4z+JaZdzTDBKsiCrr90MrJqELQ15ruqB7RM0T7bzUmBAp55RHbt\/ccY\/TkG\/gVsixMDlDFkIhMYt9MdUi87PoFTfnAamhlvAw7oZO8\/F7iHmtBa\/Ep7E0DP9U5QDAi98hWmChSAXTUreygTLQuqQnUJmosGexWw5Cm8TG3r4N5gnkEVB3HVNF0Bviuw4E\/LgbkZLCP6\/4igcruIsBRgEN00dS6JnGlucNL86jMmrPxWv6fGd6uX4GyIhA8xlh3VmZmkdtEaBCAvedT6MuQU0ug0OS0vhYWi4hpFSwBYkEc7nVVyMbvGRC\/t6cdur00RqtQCHbN+NyMsAYQCMLcN\/MBgJi53gtKoOeVRxL9efr0oSMfPFjg62k6KC1lR+0S5m3Izs0xuBIpZ4qwdqzDBYxqETxd2mAw6qyV9\/+c2vTZTjQfcpnp7y1uBxTcCkKvdXtnytMj88r6
V3CNsrCqoiP+HgdZ35NIzfdjE8dt6Do9yQiQH9DyOtUx8mNKBWoW2GsDQem5ZGAtDwjmFRhkWEqvnuAWeKZRQvsxDNQX1VGCheiYk47AXsweypHM0kF7Sz+NMdgmJ2lYhFlZ1\/ixGlfZSk6mjv0hogoEvvV0z6\/T5ayYUiYrSxxE5CRTBXiQ0ShTnl8JnNrX5f1+PEHiTs9VmgpKgcqyhnAx43FvFz+tjAq2kHUpARsisN76U\/4szTnIzPWHuhFJGJXIYtA6KvZZsRr8X45Bjm7782fphZHssP9T11fz+rMBuNZkB+9kENQs834qUDrDWQYlgtgokMydJHahHIc4rs8RwpnWkwnfbjQyRwpkoSDjqKCsoWgqmckVcAlWtfj+PYNdYUV0GJVz3MaCILZ2I6i8QDOlFT6AvpNPYOGoGbJ0wKc\/iRHcSqwHkLOlqAj9rNOane\/dG8vbDHghfqFdeNPvQAcyGldxWfqiN032Vix7+oZXOFXeLNRXDRdMWbSqMlyCprTcKldxAe+jYGRK\/SRNNln4bS6loI5LqK5kRj1qHOQs4VYAvb6aRZkpJmFfA051r9ZTveZwX8QvPcsUhSp6WJroM5RdVgMoZWRw3V3kLzy526l\/XjarCqs7b9zg4\/0UThyCoRZXRIaapKAxcisr606oQ90EO6V1\/rxbH5QoNdmuIBJXUiCC+vi9DaFQhw7IS7rYl6bCaQkE1gKVqVjcfGFNbkwZ6WVIIFLAd4AULNZ0EbDr3Jxz4Q1Kv61lNl9GOAmC73UocSHTqPhV\/xb9YLlv4Qj8A9VyOXsI3ysVAT7Q3JqQoSzzANJennQVJORrvCGjBFhIJA1XuVUswlY7d8l6GIPFEndkzdJv+mqLebs92Ve7y8gHX+5\/N3bWQDbvROspZd9Rw2VYwhVeRkdNNkB9Zd4yf0MJA6FKQTPIvZ1j4Zvrf8Zqj1FK4+Pu5YWK2VzQ1bAzEZ5TAhqXro79v42FstXXH9Bjh6xGWnYs4EgdjNtrw9q9vDDHzkCgGXErTBS5tZpn4eq4iayRQKOUo2Bjzuikc3GCcT7DGLOzNijLOjpstykBtjYEBagL1lzeuQbGqMxLzwOzMZiM6Cr4dH6Ct7enfPKr1l7EDqLb80TAVFsE6E9zPStbSvvDsesVjI0LnHLpiFF3QD7w\/cMgXGCCQFz4kjOyjxN1ueQ3BiQwzUZI\/KQVjymbQQOaDcU\/hamroqvDR3psu8zkzqDRgXxZpAhYSs0ypnNhUomh4K+raYSufO72xoIxT3MchbmB2xOG+FHTInGWwMp665VQ8P5TZyqYPfZdJpda3UJ4l4i+8AGeTKq9cySdx4swdISz3V3xxrTEFxvjq7CgCc0mdfHRwUrslFZ\/8xz\/GkZ7unKM4nUXsR2wjAWglEejYWAjwBH57asssV4a1smVbgfitfljZxOQxeCULZkhU5iCbDWtt61dkKbIg6Z5Ib6wqsZbKsTNF5BUW\/OluqVhEnnxYi4bC2p8oeMOIg9Xp0ohk+2eyHzNnL7PsT\/0TJd+8z\/6rR4GfsNhau8JwG0sVxaM3gQ\/C1BUi59C0tclt8uqB8v4sL+nw1kYxtxvVF+WgZBhsUG6jtsTkz\/h7Vqr1uE1yqk6VMywMNzSK3C6Y5jNYNZlGRunhyx+Wvqoy4kyzKlb5KJu0D6Ibb9tx4jkjfsAgRv1kb1\/YV+5pR9kOWTI7kTR0GhRhEcYVSuszO6GztHF17jUv1HGqvUE2Y1nYTruioVBGxNU2n\/3D8R0H0Ev+WM\/lE1CkAFwkkBnRPnHTXpqQgZZhPNhQeacIL4PiCwXLGj68pqU9sBR5k+Qs1xeKaXL1uB\/+DlBrxDF37H0xYTjNyCifmppE9xs8wUURoGCYQz8YrJzWYbNTp6iS3VA9PqxHbxpwe+T0EJG3w+ckQ4AZZWQJfpeYEAjUJVTV+JzyForU6vnGB\/f4UtM5hkLlLR2yX4QW5
z2sMH+oemvxHSO3c4dMYOamZjpEAr8HZR\/eYtA\/+k47KLbbuC8LadTWp9kx60hq9j0ZTOjnZRbmpU7x4+baRS3lSZ4uCKQhRDRs1bz+OmCsokrpdBvyRNmpmdHu7+xcAAbWr3GDiMDDj2MeLocIu6VxMJmWwaV6i6S3OZRKsCOQTd0Jkp8jCBeqO4YH7rnKVrcOwj8x\/xgYsXAwMBGfgS0Z5JTGD28Vyg2LfJHOWz9mr0ZY69GFX94xRplNLJ90YhSqkDA41SrPaRCa\/yRHZpmo6Z1mQO81cAsIuYw3\/dzrRByb+dTIlW9yt\/sOP7usPp6PbdD4rTPrbEK4QR\/+wMzHeanap2HaJcY2tnK9Pk6wr3URSABWoCiW8bBJ44gM\/wYSxUIN9fZQXNHmUFX2+4E+pzfHMX+TPSUHrGMWaQGF+jm8f8JzgtBamlKFf0T7ESBzmOVDFYKLq5HkwIpwu7FecWONEwB4QKksZp77Ks7VMI9z7kgYi8fKP1AlrK0wJXYhtL9bgNIor7UcK\/cBVJ2AclPTcIWxPGf\/H2qC2ccHzN2oQA1YRLpy6QS\/qocCCtoi9irrhlFwMDAEUNWvqMs\/h03WKKdBMbYkawhmSS9CnEEwNmSHsUo0aFsC+NuRuOS7d+gyt4adOBPfCXNUuX7r\/jeMTBHE2RkzGNnd\/d06g="}
00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739374011,"flow_last_seen":946739374036,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":3410,"flow_avg_l4_payload_len":1705,"midstream":1,"thread_ts_msec":946739374036,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739374011,"flow_last_seen":946739374036,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":3410,"midstream":1,"thread_ts_msec":946739374036,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":946739374036,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739374036,"pkt":"REREREREZmZmZmZmCABFAAB49DxAAH4GIqIKAAABdMqwGqhiAbtWR3MYNJT\/BlAYAfXmCwAAFAMDAAEBFwMDAEUX9381c\/+R1qgydby2LZz\/D1isDmITv8iB3tIfcLl3X1ZN85j+RzDG7ZR0PP5I0SioKkHY5OtmjMfBNJaLny9tLOB5RTM="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":946739378281,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_msec":946739378281,"pkt":"REREREREZmZmZmZmCABFAAFK6MRAAH4Gn0EKAAABVQVd5uaSAbv2ZmEwaR3\/oVAYAfZ05AAAFgMBAR0BAAEZAwPCcBaP\/DC8hVoTSokbsQvpjhaLnYrt7eKsiMQ8EXb5AyAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUaWJrc3R1cm0uc3lub2xvZ3kubWUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6FKiZGfISPafy0Na34RI3z\/9T8Zo5Ona0mhcVKXwyTI="}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00915{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":946739378310,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_msec":946739378310,"pkt":"ZmZmZmZmRERERERECABFAACL5iJAADQG7KJVBV3mCgAAAQG75pJpHf+h9mZiUlAYAFOUtgAAFgMDAFgCAABUAwPPIa105ZphEb4djAIeZbiRwqIRFnq7jF4HngniyKgznCAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcRMCAAAMACsAAgMEADMAAgAZFAMDAAEB"}
00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378281,"flow_last_seen":946739378310,"flow_idle_time":7580000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":946739378310,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00953{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739378281,"flow_last_seen":946739378310,"flow_idle_time":7580000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":389,"midstream":1,"thread_ts_msec":946739378310,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":946739378311,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":946739378311,"pkt":"REREREREZmZmZmZmCABFAAAu6MZAAH4GoFsKAAABVQVd5uaSAbv2ZmJSaR4ABFAYAfZzyAAAFAMDAAEB"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":946739378577,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739378577,"pkt":"REREREREZmZmZmZmCABFAAFDLylAAH4Gh5EKAAABaBwcIoO8AbvZKqUSoyMYWVAYAfZGMAAAFgMBARYBAAESAwNktN1XF4bqrby0niN\/MgT4p6NPXKBlRwOJCoza94pvXyD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANanAudGlhcmFwLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBNe3CKgugpSU\/ahaeKXUN1ypv0O\/7wv4rJDS1FbyCQKA=="}
00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":946739378607,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2557,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2557,"pkt_l4_len":2523,"thread_ts_msec":946739378607,"pkt":"ZmZmZmZmRERERERECABFAAnv8ehAADcGAyZoHBwiCgAAAQG7g7yjIxhZ2SqmLVAYAEJO3AAAFgMDAHoCAAB2AwM5\/Tpf+0rVAVLiqp3AKzeP0oc5LUJ7LbPa16oj3TgNDiD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24xMBAAAuADMAJAAdACC6HV5GLKVmM89uM3s2SIWu43Lfyhq5unw8YJ6WUfrNYwArAAIDBBQDAwABARcDAwk9PLTYD+JT2QAppt0TUbAwAmxAstQCMsQy32ww9oSEEAAMGSMNt+TTdp0V3tZ3ctmeFKC8drVcJHMoKPW\/gLMtyIUmD\/3+eYMhUKtI+3FRz671m\/FiCxQ+DYhEAA2djrJV7bAD8riXyaqFyW2aaJF84flOMuq9DLwOUI0IypM1HnMNVT7vNmCordbJ4vYfoJCHZ3Jdxa1PMxflxUdqb7t2xbf5y\/m1Lgj+QBUEN2VGq3ZK1ktt1GgLlt5OMY6q\/EMncuhg\/OHccuz87CSxEURWL2O5XG3NQ8ZSkyDIF1XtrmR6FGXAhlzN0GIMFD4mIZ5QqyhyGprKsDD36CWqaTOR27WUIRMeWgua2kpjr+elVVRiIT0yfyvShMeR5KvvMj5AG9M4S4\/qWWxJjIv9qLfYm7RWSC4r34hNlFnFlqsqqqzzh\/BxMvV1bwxfAaqA1qBideWKRVA+7EuN95c4ue7X\/hRVHEx3iQLqTqKG9s8vcXeE42KLZOgVl3B7xu8\/i92\/WkhbHAp1VaoXVrJw6GLiISb\/po8DiOQt5NIdGX5eDQSEZ7O9baKasLWzq1YkwfZijF3n9KVs9qv2KSy5IfvS0SD4T0T96JowaLvO1lvBNbG7CindkMAn7au9+n1sxBnSgPOEhxjP6eP7I9klViNjl15nUFM6o4r0CQuVxRwVYjFh10tMhUtqr5ufjJtftBeIT7Z6ffMsMrzPdyzkIvDM+swGXo7V35YzVo8DyoBYe9uM0JJnrorf04OKftnG+pjuV1J118k\/TcF7dgWMascYwrYulqMRqr3vNGGbqZxylwmKp462M5UtGuo+qerBWSrRXWS6eh\/Pd34MrDX1VmvCOR23Z07RB6KZ9U0a03sYPKhsU\/m8X7Y3lJg3mFbu5qAjYzD1O+cD4Myf40iIoCP9xcs4bu1pUmgjVbsp3ut86GCDAgM+2h3m+dYO91dTNrC6JdnpsdKfoGqobbC1Nd6P0Kznfd6xn\/BQDvXNQHfd3IPzPYj2FRyDUuFDyWgT\/cwlGc7O60WUydzXXvs9ttqI8TuCUJYd1Ao8xx8mAgIvrwtyiwJR5QZQxYq0NnVo97JO1hRxuXJb+LTsywktm+cb6647KFCAIE22xi+EiXjOKZOlKgY\/++l2PKcbQh7+iHITgTYo09PyNcnTJxUwLKCZUcpj08uHLE+si9w6kmA+pKFDGKHD2OQi0\/dVl+2FqCH2+A3DCa2Gg9EWzElOrJ9mp3PsOzxGAh1T1616sYT0her6SVuXlhCGP0slwtRkTfN5tnJIo22tEgWtQ+b6y1PTsvRTouR9DpgUBw8BD3g0lRYqf3KAJIj
UNpSvsRMGe0P3S4KCcJTz19EnjfZoP6uX+a1+4rjk2AihvF76LGF5wO7bsnmmIDYTvndhSZUKAm3a49yHTGG7gVwYkqmq0TRbx3kmFRXEBuvlULDIz+RlQyLwuJX5uRyHubvUf803FCAz\/4a9pnE6WEDc+zOoXHErWhAfoc5tjJI1gMxGX8U3yJwrwEtij2gQTn0Bbv4+6DXg8iV1mRetvz2V395BS+h9qVm0PJky45RjI5FxKVNW8VUHbBkrW32Ln2Pm3mojmUt+Xsx7zInkOkVoS97LxHGe13JTpikDPPGgpjpEoHIcQRKqtRb0XznaWZx01cfmn3isfcOxCOvXJUXQwHOBr0ZOeVU8JyV5j86F3c2x16THC9pMZadmbjMRbWkSLTw4DMHNpPKhS6WbcQJhxPZwfAVbKEjktlF0JguUnWmRyDWlD919TvF+XWK\/xSop+ME26vjlWYdWryJvX71XiN34ciEg6jsS9BSYdT6j+C8MLHQApTVrKIlUjg7LizXHOZ\/8TbPIjDL1MmbwanCPsnz+x51R4gaxLum0nLoSL+ZmdQWjq\/uyo2YE03WUuDCwEqP451PgmdaqLRPfWLB1DwCAkXZchOxevuMOjyvWV6dC+e+ksCIkxwJmTgcBQXwfuBwje22m5Cj2nv\/zq4aMsV7kiFOS1VcPYLEbw+c4UolvdLrBBCbMxCQZeGhjAzGdsZDuX\/6sRIGIbuHAE8nIh+KJ0joM4KoZNtLXSA2HqbNN+kRQ5gTFmAp4mqAOgsHxAv6V1xCZg8P3MEffeog7NEB4\/K8wtwtgVyjvZaZ4E5jbN5Fjj\/jqK88SEXhkPYnN+on2bA\/r\/BMBIaoCajkogUyGLoyIPMT+pBrWa+wfZKdLurwPxZw+jCxKJC0\/mmFBL81N3ktV2QA+uWulN8QPCd7cD0\/Hjf2QklIJga5shMEJkHY6px3Tk68O3abNmIreZ6S\/N71agsTVbVTSaRlprW4p5D79LYThW+q2zikyKF2eG4VtVQ1Z087sY8sCBmmZG8ETPN5Xq0TN3Q1mXCkwjS9y4DvkEf4d2VKsFN6yj110+kONDzC8lVgKicr46oqIhZ9cyUDwr5+MuFqHiF2KMvJx9XA7v9+a265RIEavlSRTRm3PXbeYNOWUADrJWXjguUacdKmikyCoiD9vRp7ll6YxsV5jSfRT\/9SmZeNE+aTDy2wakB7qY1oeeLE4kVchDyQa22zUAtVHOgOvTZInJYA\/takDFgegJnQaYWISVIejbCOHLLvY\/LGAj1CyqRrh1\/LJm06TJxFQn5cMNb5SSEJFNyxF75PSPT288zWx2Va0aIhDIB+vku9QlaiV4ac8CwDTFNaqbQKECa5ibv22eB002L0jyDWacUoUluFvwofh+CTE377hEPfvjsRjX+V3P\/erPya8F4fW7JQkFJgCrTK1VaoDF64ZvLzNQJ5aCIC3Js6D+sD6g4jOpLHGy2zHMlk9wTN+yBybuSBsrJL9uS5j3JgQRC167kARpn8\/3wkN3\/lvlFPoVYVhj99l\/NeW6y\/YdomeNnyw0D7qas3wz1t0EQFticUf9LLfRMzRHEf20AYOoy9Fonct0XWUb6fLDU7CQJTqCHU8Eiy+rgD2t\/dxE4NlpfZ2ZSbDZ7QWFdftipHKlR4nJqLL0sU6kjZ8SydsZ8oAinHCIV9v5PNYgUBa8WbGYb2kgxJMSN3jbYzsoGwAsbdeAghc0S7LurZvISJXwa0jBqUzUHZmweZXCdDnfDiPc92KCXG9hA13VfXTouQnTd0zyBwPxIcvLGDhAu1CCSmBlGZrOEjmOi1\/i4ug\/A=="}
00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378577,"flow_last_seen":946739378607,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":1393,"midstream":1,"thread_ts_msec":946739378607,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739378577,"flow_last_seen":946739378607,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":2786,"midstream":1,"thread_ts_msec":946739378607,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":946739378610,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739378610,"pkt":"REREREREZmZmZmZmCABFAABoLytAAH4GiGoKAAABaBwcIoO8AbvZKqYtoyMiIFAYAfVFVQAAFAMDAAEBFwMDADUQNuPt6m2nY9MgXiEHZRB5L+gDtuMOMxUUfy82Uox32sOXoFpXHp3NUSfU3Rmr6gABtUijkQ=="}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":946739380697,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739380697,"pkt":"REREREREZmZmZmZmCABFAAFIsgNAAH4Gh+8KAAABAQAAAdIqAbvH6z5LSWNp6VAYAfbC9wAAFgMBARsBAAEXAwNccnLckexdP3Wz7tsKiknbwUElui2FZGSKODu9LnFkjSDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zLmNsb3VkZmxhcmUuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIM\/CjtFE6\/BfV0qVOcMMUIig11i56\/tpHaQ1FlARye8w"}
00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":946739380725,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2892,"pkt_l4_len":2858,"thread_ts_msec":946739380725,"pkt":"ZmZmZmZmRERERERECABFAAs+VjZAADoGHccBAAABCgAAAQG70ipJY2npx+s\/a1AYAELM7QAAFgMDAHoCAAB2AwNqFtv3xWSYHbL\/TEVcxTgtPyY5syhT1Ar0J7GcYm2olyDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7BMBAAAuADMAJAAdACABwPRBPqMH6tP2UgTdU38yy4IBdMrNy3Y26n6nkJgoEgArAAIDBBQDAwABARcDAwqMAOf8HgLdG4eR2zQrlVcXNJK6gSgekjnntDDuH\/5mItzTS2PjuRorCZtp1e456Yzxd\/c9Pjo0KqOApsf0Oet3HLAxOPX\/4mq0oqPJv6\/pWYh6XkL49x7kn3sA8FLizWIik5oy6pRjSBWFf6tqxUO+Djt17wQK6yhMls9hUq1ClHJUh6Qn273NZpiWOuHCd9wGeCfeInHvS8qk0EqIdne\/5O3+AKgM\/cALapdKbBhIoAyrPwqC2hLjGuasAzda3QO\/+ESHum\/F9d6o\/5K+8IYpY8o8qtVJ6Drg8futbzGhAS87lZYW5UeuuFH05CzhM6cODq7gNj4mbPjTJ5ApTRpwsXEw0cwu6tAiKdHBHu4s131JOS1nhPpDpOs1W8FqhOijP5pChk7nVfwQ9Bu1xYiYmTlZWYP4bC0IhVSltsY4+ffd9etk6QNu1u5Seoh1QaWRe4DU8GYPqDdj9ywHuBnTu\/kdk6yObRcYizbhLyG5JiQSyxA9bv7iPMzOSI\/oPD6Rw4c6cy1qJywZ7F9o\/W7KUU6pYYhqWRcunfBOy2cedxZtVaWxcAQGD7VjEr1GjI\/ndJEL6DV\/vUO5PSsHgdX\/GScVrZdS\/KHwHxAHOv1BpKxNHl+ElIeVfCJc4tBsNkoBf5+COT0BV1cqDq\/0TqIcpVxlMv3\/7JDTZZTI\/wMxcbTZkEC580\/OL4P7o7ZBv1lVciiiGUxirK0Wn0VmKVkOPUH1VVDEVtxbspQjAQAudOqLnKMivdYYnLWKcLFjjfuE8XwFn1JkF2YyGgtdu+0wxe7V3QdQyeX6wSKDfGOBn1RHTiZSQJLrjf\/MjK6PK6+6dmcX2K\/Nos\/HKCWzOCSGOxH6pgvl94s\/0dDawx7iAmW0aKHP7fN\/Qsuj7qBRlYmeX3wDSe3ACAyO8PJtifBKRUnx+i44zF\/TEZT9\/0f9hj1yXYZhM4IttxvCtS3N7k187lM2JB6HB4DmePSpA5UfxEPRq71lNWUsDLAAiN3ekJSKoZ7PUpp\/6SJsuSwyITjf4EqBLpeWL9MrWeNXoUk5W1F7hWZmXxUwbc9PMEuirTVJUIeKJcMT3hUo1x6K9jQ+3H\/3FjLuAvSaGN20\/JlmWzUhH2c19MbTsBdNUca8p5h9ftAYWxNZFi+BPME56GacRIjusosOaDm6TM6NIeJtcd5nQ0Y6NbfwEe7MdB0akdNH1SZ5FpPCUXE+5h9eWmGzxT6gCZx6qvA46+kjmSPa8Cj85dDYPgUItxPMDzQDmcDkFl4Jtoqp7CsVbgDs2FaRSNSCg+ZMEThJQx0\/Aqz+vGM8Axcf5cpBgdqJ
qmkgft7WVM6LgxM0bWa6ReLOTbftdrjvt51qS7oW8iSFCaAMyVHnB9nNub1rCB71JGnHgmpLaDriPHmvZHyXG+tF3YYxqKFpVLMzSELDqif9S44Mrb9ZjnIWKvGQryM\/QSKoEg5X7zctl4vxNBFap6BlJhqRr3fm7FAc37N2CcUPqfx3Q8d+odOusP4Ls3Xq2Sur1UmBSNW9zqMAV9eCaagN4swiO+HX9D1JhZPxXTW9QWyDXi2zI1HI7LUB70fqeJS7u5T5BooNTQeoNzZVCvWOXWLt+ZiIbxI46okrDHFQXi\/x2G\/UqXdfkOEinNyh78FxOnrKcOtvfU1vQdaz7Z3d1S6XTGxIbp7Avs8yqCBkfYYx0okhQoRYkFViIAKhs8EJ22ENemkpy\/xMNRrY7HXIqAF0plC7ASy6aRPBxNQLpe6Ed5IaeUHDV+pWuEiLAgXAO3BIyMmN+dKwyJRSjGew81SAxYCXzqNGK2p7GdpO\/XP0maghqEG1aIROtTBX2ArldnERnpk4NXjDbfgsSkzP20ClfXeN4yjZTmAjINRHsDFyBG2kVPsbWM6bJ6sXUqNBkjHzH8mUguB01CThNReqO2rGsLiKr5qTMAwxKxjfEdoEJ+OdtfVMDr3B0PaBDiW6NDXICwJTMjrTiHsqLMySrS2T3BXPc1yBL+jDROuKYyhTZQzCA6ktzSKC6wAMC\/2RMbHnV4JUqSuJoXnZI1jiGQfafDh9qm0ZR91\/Upntxs\/kWZ9Zofn9x4gsvGL94XY2stn+kYJ+lpR5T38ZBRBOsXu8bAGsKAP+3wt7PlEML8VYdMSv1Y8XhaZ4vQZT4mxjokM8a+\/vbBm5OFXEOAsw3UpeMp5Pdlywdfks9xANyyHcs7XyT+4nzRjV93W+RbJVksh761\/0CsogB0Bf4AeRq1b8bSy2mVWD\/C9oBFlc4PSw+jhx1uKdorr8amCiJ2bwSUXaBBKYKGtf3eKS0Vrr8DWhAzmAupA8TRMiBwDgWH\/pSpuuBxo4fKT36lTdVMpKIp966xzVRYeAdyJ8dQTy5jeDQL1o\/K9FAvaIxIHdqy3Ai9UpxdTmYwoZXk1RGWSFQPWK2eEqydFLHkwLiG2A9OQ8pCYrZlqHUn1snev7fQAbwrXFOXDJskS+CYp+0GQvu\/Fu37N\/vYvDe9yQ2BjQyb\/Aq\/mNLHkdVzTu+oIIX6og2jNse2SlImfdMuiBssQFePUieOP3nrkgegmZDkJvZU8\/IJtyIPGhvEr4wy0KRjmbk1R5TV1oh+Gvyump800hgoeZ6yINLishVXjkSrZbw30TzgVyIHMXbfVH5cMb\/otpjX8v74ViZ68NiQoVQGCiu9Qccb9jITaHI7YqId83HAhD0Mgcvql8x4riVhsLhWBp7KARZMNylg6FCWQzYhkomLcDqOeaHr\/i3Kucv0p5GzUzkUvhbOyyBarVy1r5EY3Ff\/LeERfwiWeu9JMjSlW9a76FWzNvpbjiVQvAXjpJS+B6vW0S676\/2F\/QVlBvmv\/1e3jfE46NEORC\/KvStAu1+NCVXXkgYYjYaavSuMFqEVMBLpNt3pqmD175kYHYjG6R6TDv0nmjRk\/fdkSOg4ydMi2g43e05SDICPCTBrKL+H8pdmtKEp3WxofXZCtNR+ckTvaTdfJXZMWJbImpAgp0edudixTNqo9z3f5BRBQ1U170EzzThEQIMmS6RHUG4MBWpfatZDm+5s5WqxzAc+f48z+5\/Rjpm1MjT7FAj2QOS2mS1pZuw8jR7f9mlmDHlYUa7yULFKz+EOcDFjny+TGuKCw6tBmvp0uAgOgbWkR3PGwLQlgJNN5qcasz\/DdlRFFRc1kdK872NuK41RPGMSa34kfvjKckPj3jn4ntsF1i9WcRtXZaTKddZmAVoibh8F7o+\/2BqWfWHshjLjbv2UXOWt85MGeIvvR+JAZ4lQKxhMp4ApqHsqTnv9vjAIsk+AJwp0L
3kf96BrAf5lxFwLByeiu2ScazZunSG5IvLxJ2cCZzgYOFm\/xSZPCmFYvKNJw727A0qH0cpDBKVk4Z5vvRen3ROFERblATF0imHD72RVGcQ\/rMrcnTAneuS+605QxQwV5cyssndlHujOT5cJjQwi4Me+A9i\/U+gGMItbvzyiV\/bH\/dnSH\/6+REX1pIGyZTP+9n2MXLAZnibrKAMIRfK2TIfrOe5jmJF94vcBm\/\/5ycPeTZII89RYTOm\/OYD7dCL\/Fj+p2ZF9GMMq1KmH\/crTCIqHICoTep9ezhaM3lurJnltFyZNv3oliEoTfl"}
00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380697,"flow_last_seen":946739380725,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":3126,"flow_avg_l4_payload_len":1563,"midstream":1,"thread_ts_msec":946739380725,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739380697,"flow_last_seen":946739380725,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":3126,"midstream":1,"thread_ts_msec":946739380725,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":946739380727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739380727,"pkt":"REREREREZmZmZmZmCABFAABosgVAAH4GiM0KAAABAQAAAdIqAbvH6z9rSWN0\/1AYAfXCFwAAFAMDAAEBFwMDADVke5XeBLKUZMMwsdywo3cwWM6dcwvPxEIBrrKuQwAVECVGBCt8L\/1vmMSczXlzhvKSsbEzJA=="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":946739380870,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739380870,"pkt":"REREREREZmZmZmZmCABFAAFEC7lAAH4G5eQKAAABLVocAII6AbvzwYfFjc3Z3lAYAfYLTQAAFgMBARcBAAETAwME0sG+tMqbxpRl1DV8Z2dnX5LfzpIiHTt74xC1bVbZqCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLm5leHRkbnMuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAghy6XniNnPGDj9u0r7tzchu6tmfTKqCDkZge3YRdGMjI="}
00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":946739380903,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739380903,"pkt":"ZmZmZmZmRERERERECABFAAXUAxlAADQGM\/UtWhwACgAAAQG7gjqNzdne88GI4VAQAnmV4AAAFgMDAHoCAAB2AwNSUVDmrRSBFJr3VlpPTiOBfna69z7Ip3AgaZ4JY8XZPCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvhMBAAAuACsAAgMEADMAJAAdACBgLhCqxZDxBYT0wty93r8WAtFFYd34UV+f0SYd9yF0RxQDAwABARcDAwAgNdJG6I7V9ce0uN\/W8MyCm58pWjfsCFZXXJnMcWaU4P8XAwMJ4l4xzn1tklFeMfXUSkilkOHkR2CrV0Fk61C4hUjayiVX3XCUzF\/nVmk3NsjsUuGQs+ELPFl7aLMJpdeipyb\/BRKM7DDOdlmSjSZFpz3sI+4Ap1vb842GKpbBCp1KIgOgnmXfMMwnL4uKzNN2+XpL8V9LwuMNROahwk9tJrSx3BZQnvVy5qktKVugzkoTSb9fPpFovSjkUbQUBQuFWl2cxLyQBO6gjWiaDBpgoqREkqW2UGurTHpBXCvX7xTK+SGfs3VLNGPL\/jM509wXezmGXrBZolGpSBcCmwqP5AGjSUkJQ2KFF8\/5I5DLe1rWw\/7rCzdCJgW7dwItPpQigYvEpUhaTQyjzhLtXm4Br1gtr+Iuf0HPHYTCtm1Z9061ijlO7AesYAg3NSX4lpTeBeQNzqwAGQi0kxU+8BsfAI4uhNY4fwD\/tgZRm00kCDUGr0Hw1O0\/9wcQo2OrT4hVI8sBPv9rovACUd1xTXQBUu4c2UNVQr\/DAwgtr3oGHXN\/yf6hHksHqaO6ThyUELGPZgyTaAEJeYSlV\/UuFXosuXrXk+4M4bQmtm8xQA\/hPEgZw03CxD+XIQ9CziCJc2Lx3r4h2FdBiMwzohldpvHSBUXM2GuHl07Muv9yz1FfyzqYAimU2llIffa6XcR6\/N9ex4PCYrVYeRifJmT\/hN608lQ56Pm4ckRgIW72lS0ILwL91eG\/PWLw1TWr9OHqib8dqID1N28WvnDQAc1WG+OfvFA5Lx7KtiZ9\/3KI7f7RCYG\/5anpOjN3Yvo+yrHT\/\/9yxTpA2EDhXmw1I+drMKCfdVXEwoRqrQDXQ3qu16NE+piWO4zYtxH6MrZOf5GKUoqj85zhZkJ6n3Wtdfmw0p2w7uWnPZarz2kRT1hGv0H7uWAwQsIO2witiCTCAX0VhCKqX5eg9HlVQxEJ8e6aZG6udk28L+hlu2DjHm2cK3LT5siYCZ+61rOCmuWYzAzB4PZwDYNVRnV0GsHgMCnZc9N4\/ighhHZqiYL81av1zekzo7Qcc39eQmJB1\/vhuqI4+c3vKnv7ROdK1hsAX7hP\/VFs8H8ZF9FxFv36aFuAu1HQxIxhZTCwXDQcu5TzVx1PL5uguNjR7pwef7T5COi4aTCL27yji1k+uS4xQgf7uM7lfjr7UlwSz76e6z\/NdrgDABxN2pYomW51+xON8iXDOy0cXgxInpylLI6lmV7hJWGh+rssjjMTkzOSia\/tb6HN8MDXz8ND7qC4wdRBL+K2XXzk7CxXSZKHbU7oBKE3VuTcSRmBv
FAj4jzbuAW9nVI5Yw9M7KxJ0oNCiAer+7rkuV1\/dCwQt\/7\/zkSRGAemKSurrkjoqozLCUcuNRu2YlaJLAc\/PeEJmeHXWSos8ReOKG9libwm6aBbFjBhBGqk11oBFxYMJe3fE8zx0cKng5v141kUW5K8KykDBQPlm38itlnDfJBFaB9Jn9F1Dk+fc1GMvxAKNX1KD189yDAOfdy35szVs+4vU19xgaD3Asb+3zoIgGeHaF3v5zAsODf1V7zFmYGD1A5VyodE+SZcg8yBGqWdCjN6Dq7+yW5n4whEBATh9+W8PK0m19STC9EnY\/KFQ8CMbZglLaqGH9UHLlwuaNZUfgFyrj24dAMianUUp6I5pp2CbweoDVXgQfGbkHcfYC\/73I2CAYRQxi4XFXP\/UJ7vD4Iv633KLKMEpQYwdikhrjOP"}
00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380870,"flow_last_seen":946739380903,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739380903,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739380870,"flow_last_seen":946739380903,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"midstream":1,"thread_ts_msec":946739380903,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02374{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":946739380903,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1467,"pkt_l4_len":1433,"thread_ts_msec":946739380903,"pkt":"ZmZmZmZmRERERERECABFAAWtAxpAADQGNBstWhwACgAAAQG7gjqNzd+K88GI4VAYAnlzfQAACEkFkdj1Us7HE6XsQGxneQX\/pTaXJNHBzTBwjbjFH2PSLY9gxHervwko9HwLHhkgWdiRotlJENzv3dIlV0Q25g7GanzLzAoq\/bJLnF1bxRf0nf8R7xwqHIiEyWrnrfJqukts8v3m8MMBnkDAGd5xOmtynEVhFSJmjPZeWlanPH3W\/gPE9eVpcr\/bC8aD31d4wHJftv6KUYCRDzDXbCSoL\/6F7bgfENCEavhYW2LuID8zVPN+yKzb3WDD71Bfm\/QzlUMFQuZM5HbG0c7uIAOOAxkawVYPNiqL2TFCk1ynXFgmF4gXvbL\/HYrDLFRfjW4de\/NkjjSai08L+PfACua2q5oTvt2qGJPeolVEHsMmZEjEwazNhDwGqFKG5OP+F531r01cH7BTJcZ05QE7qXBrbvqwdtdoGPvG50ZEjeoenLq9i4bYfhTR7gqdrp+nT5HdXBlwZ3BA7TNBvRO28EIkDbwnbkKR1uAOgeHpmVvBpmpiphn4DYQZvVFKBDcAp0CgnjFhQ7BpU5nrco2WQPx+1Dj+wVwuk8wQg4nsuaxF9uoh5BJPTUJDd+oGcKzJnMyQnjiAungCkABFhOHccfPCI4WdjBjLMLNqgoxHw6DJHYylEKtOB9OnnXDF2J7Jvo9Dz26D1KrzmXsDWoLDC1fC96J8yd93fYvTZHskQxfY50BQIAKcBIdr8K4+MowCcaLlKXgQ2BvySvU9B5mJVdaqmTLF1fzesL+WRRK51q7IAwLh77wssc7jt76mm0H3PAWysYvmp\/NCiSKfjKaaLkm9x2NoEkekjBVCT4zJZaY12lyFWkBUvQQdolUu\/1tiRf86EnZ+MpspCpIhymi\/IUp68M\/Eb+2ljNKVmV1Er+pytZKFdhm+LxFZQDgPvwZts5tJVArrKTXEX7mbMUyNCFK87rJIQtF3h75H2QQdF8Dne8XAGsXDDnswycmS8W4DR2ei8Mvw6EchukCH49+5iX+zWw8yLNfbuXrdtwpsTWibehpgDGJwJ32GJ3PUhcT2O8ckRkT01hA4OhJ5s8FVi9G4sK5PSDUaW\/FVD5mXCOlbG6fI8ep93Cq318IKEa9gHWkRIcGP1KNeJ0vqPt6W+fiprWcAT+y38\/pHS\/DIldwWXxoakgp8kEgE10+BHsdUGoLtM0vHARs9JoXziCU\/gwCe4xJoYT7yIuKPLoyyOJzupzLZV+Yx6GthfYTU5x9FRZbuuSu\/4e+BWK3Ph42jg8FFm3MjO7iYnNl4v1+ChQKVR7XODNZWDH3jwqcZ8qhbkD9u5SI6j\/BA1C0rUPcBjh1+6XjoNgW\/MuFBBpUx0b9PcVFriOAhMdQziZ17xbnHnF7nwzD4ltsyPw098+Y62NYg0g7ZzmYgr7Bp\/OQu72rrzto9ZurPdNMKCU\/kuUSQfJNRXnpCKpphgwF89PQmt81ZhzDDg8jGUYjA+eCwP5b5c3W1mHz2rbpTYaJ5WAEPawg7kcD\/0daljt7SoSzY0j1SW+z8PqelVSwUwhQf5v+dU
BJntKDTvIA8dd3\/P5RebSAS6fwWCMpEa2Wpe0EbiTKfmmwomuAMmkjN4HlloVMdOTeEonHISxyYlgXipaeXT8CPFbuFXE4ejDU2aTkR9\/ZIbgoZdx7IXmaK+NxS9KICVTe0LPka0QmobSr15yArkyNHaP1EjswXAwMAYdZTBGnK4vcmbufHHRKWT+kPKyQO98Boq8AW86\/7q3c0DIh4T2TuGPAeaW+ueW75g7BJBBU7YuGFvnEEgi07qTSBXDL1UISZX8PwWOHA6mln36hZp5MmWU+JESIy2cQgYeQXAwMANQq+Suu4\/zFTPT1s4z\/CUiKzLUAWytPdwzfRZmXCp50PDxLOSYvzo75EbO+96Njs+ccRggY7"}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":946739385090,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739385090,"pkt":"REREREREZmZmZmZmCABFAAFGrgFAAH4GLMUKAAABiJDXnsvQAbv3Oz1sep96IVAYAfYiJAAAFgMBARkBAAEVAwNZtcLiAhjzwZoFuSzepzhVh3+I+642bR2Bdc1go+HJvyB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG9oLnBvd2VyZG5zLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBPoxVI1tXnUcUqsbORFpVub7e\/4DvFTpQM4hnCin1UEw=="}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00915{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":946739385124,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3170,"pkt_l4_len":3136,"thread_ts_msec":946739385124,"pkt":"ZmZmZmZmRERERERECABFAAxUg1ZAADcGk2KIkNeeCgAAAQG7y9B6n3oh9zs+ilAYAO0tMgAAFgMDAHoCAAB2AwNC32Ly6HNyagXW\/50d2q6qJAOmShuP86HMxipBKzBmwCB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOBMCAAAuACsAAgMEADMAJAAdACBiVzglBWvQOWIt\/inusfkCbeAeDbm6AiXUcYUQ0SeUdBQDAwABARcDAwAgVY3jrnTrJkAawm+Mv8gBTn6zfdywiZ3PkfSROpmIxNoXAwMKFapXpMK700YralL2NJ+2AqPfCUAacni3qdcZUnufsXl31+F2NSHowZS8bEZc4wYIOhESfjBH81NgZUBCJL0cGqDMG7c\/GafBLHylsDncbVfIqhYnumIxgnBjMekzN4Jr3Pc5g1dWYk4XIPvLeMa1AeLFQqOY+unh1DHuo4FV4KfjYjnh7ERuvhffEbloWyMHFdAQi8p2J65FwIVJHxtFX6hmaEMmHATlFHHOx1RIGQmbmA5r5k0vgPGiuUMBe1e8Ay6+kNyhTTutV32hMuU4\/4gl06pCrT6iDU4Fx4eNT+Bo6E12QIKo042tC7Wn8Kl\/KILiC4TaY1uTO0+LE4wVqs5DJHWwykde\/Mpu9moeLZ0VhV6Rnx2ocHW4rczn9gPX5qTiTrDgHO7CKCVp0Yo86Aw2suyeRkNR6Pz2DTuex3RC6JD+6hKlKYjQfx6kO1r8jKEZ8UZCGU+Rw2Pd2IT\/whiiT5Kf7zLPm28Fu5xYAFYob+TbRXBcQ0z8XUJIWzCMQvkjyj\/EBbyfhm8Iz194guweTL19Y3Q2XO+NnAUm9ihjSHpRimJ0Ale\/24shK7Q0gI7NtX4Sy93vR61pN+Zbul9p4+Mos8cFPIfYJPR5DmxNv9L\/cWnYOwtiE8KnRSAYR+6q3d\/0S6rIgkskZa1GGNAffeDtgnD5SVrh+YhdzCWZCb6834ULGghfWcw8DVqJTSeWttzs5JvcUzLfaxv2WQHaWCXuUpmCZy6HgKkW3jxYYWr2tyqizXXXq732dtVhz4LWmL9EHS1WzONzEhrNFQDtpAQ95k9MRPEdXjg0bNse0lpUI4AUqhIkxWgs0j+8YRzV3BBFFrpEwA3Ylhpo+Wbg8IG0hFyThCaHTvj0vN5WKh94GQCSIjO11AtJoS9k0tl5NWJ7dp2n0NCYI25hp41FivaF\/BBZqFxHTd\/4w8k1KmIQOky6ICw7WRykbaqxzUboD5Bq7peIuOsiwZoUMD+BDbF\/3fE\/CVHWoaOcr09A0PaL0PLhUDjARYyrR4LsVfpqkH4CZh+5Jr1aOIJ+zgcH7Gme4o7fpj5Ml+hu\/y+kOOZZN5J0XdtmvZE5w20Osrk+W9YsiLIeYNt9SB2i7LEsIRfsOrVhh9XsJ8\/VF+0Pp0BTxOsC+9Ft0\/Qj6hgm17CCVsOwdD0VhkUWaus1O+o2PGnC8v4FL3kFyyqT6BtubEcffH1AbvnEid+VZXXjMTJvMB6eWAs+UqpOrNnkCEZAK35TZ0tRUT\/0MJ65M3rSS8cnt+LL4apIWh9CenPODN3
5ZvH8b3XA1lwJHej3o7w4KZBEvRoLt8OxNNvwpgMfHbFpXZIqbODt95v1PnTJxwC\/vTEturbRIFjRNgt+KCX3zfwvULi6DBxiqBmChwECudELdgYVXSzaQF56hOrspt7m7cSP\/bSuhLgvGoeM7hRIXBgEFXWWobiqWKLPkIiUnd3zKygePoMYOZHF1u2D1V4jxKHpRJ6c0k9v9f8PV1\/2cqY\/66gHBBbRV41oC7rjWm5aIoPFQPYH0PovphDScGBnJ6jwAMRZhEh8stnUD5D9slPJ\/emP0c\/PTpb6PEHZyu0Q7qMTKM1bbEpBCcvYFzyVsCvmHuicyOKAs3xMxmCmWm4Eqf7griGXbNKYrhS8laSwuwkSEnXVtwhIr1b+a3aGOTQNdzJzZMKbJeIH1FS5VDDqACuwzlpn2\/PpEcmP5h\/q7H0tPqDs+gUGEHDMancSkknkDjnO8AWIHrv7XSmAw8MzBpM2IwCdCuY2dZXBowy6lZV\/inUY7ZvvXtbP6a8QnD\/\/IUygRpu63NQLm4VeKCFEprpn1cgwz5cL4vjrW8z1Oy+wINHvxXqkotg8FbTmtoSQdi7m2\/uaxkwXGvCE+Ey\/VyskJtt+1lkVPt6gqRb1ZVRQm9DD0JoMxHNgFOAaDrB+WFlvX4dGQvQzwATgRC8IKAuMZ8oKSe0p8HpA+6MvWjcmzVE8kVy6HlIQ+H75lU+B2jVUeDC7BKjayT8YnFAN9VHJiYBcwsc6cBByDnSSlpjY95o1fVD\/OvMoqArUx2Avc07VIGr\/MqkoiuFsBZpt7HMy13Sks4rLBRM4blbz1tgnQW4V9XKGhwXXv\/r\/C7JzoFDKo1O5LL2d9NrS47Pk6pIUPyJaZQjYfdcqsgSPEYWloR+Ff71Pv2pzjT7Sxhw7YViV\/havSqMuVAeVNrx2FMlZ7\/Bjxt5t67OkjvVTbouDt\/zCvvPnjRGuWwfp0n7UEFUPBk0VQxxGTP46k14fFISL3DGCnaRmvSrBlk9oDA6joQ7sLe2wbd3yp\/7JTFG1yDws5hd9oSrDxTaFhT45Qw3wjaIXqpHrDVkIJVV3fSH3u051VvqUmuXNvgcA8QfJRF+xOWpwuJtANd+GaqvaC+iETLzkP5VxYMxDGAjzMI0o+7huhk06Ls+Jf4doAnMQ5xvzlXN0Jrm+66K6cwpPwq24uT0WBbVDSG8a63HdMk9Pitugm8gT5TfsMmkXcm8XvYm1EpxDTSUVXFdXoLfWyXIhhuACKArB7XcNbTOuzKmBQBNDeLFYB1E9Xt4xRs2cOc5M8BTSXsHSPQTYdc21dTZiVfSAP6\/2Gshg6m4bugupSvk5LVq6A3lh9ffmzYt3Db3zvnfSy\/Tt0BCYi48I1IzHC+nCbjFn40UDUHc5XrNCkmhQS1xNJg2qHFTjjUPePEW4+j3bBQRUYXBtmXyjbe7imkVYxn1jKZ8UW4USSgX9QTTgWMboFPNKvAGle0s4p63tKesbx5ZYZnXD1JMoq2wiuX3opjO2N0ancv\/RxoLDDssEhCe9dO3easTHhI9ARvh9rKZYKF6v6Kl1ISp1JmJSDWM7inua1o+4o1SDMyo05cBVGhhMTS\/9p3uBa3Q1+zink\/HkPt7+J8Qdeq8lFck+4f63IssnVRJTPYYtIlJvBDnEIzxlrIFjJvmSNN4lcsRZJPOIHxFfXw8TJRTgsvPxtdi3tSQFm4F+2sukCmWqPEy6giI87MQfoD2C\/Yj2M+9KXDCNq9W6tv2b4CTjfHZU+XTLbVYONSXTzAYgn5lkwz08bD2gqCs44qF\/KSJheO2v6XSQicbKpwE887mn21\/pZ1Aw7fFPdQKOSr+ozmKo3Hb7k8xRc9xS+jbMArySJEwlivY0HatI+S+fkF+iQUSFVepgBMwShL52IjMRPaDyXtnlg9nE04NDcI9V\/O40c8DJA21O6zuYXUndYIEnkJP\/UZOqiU4vEYGHHSxvu9z+
OTP3HTmjMdAhSyUL1oGolZq+yT9EbInHY55rq655Oq72NwpUp+JpPgCJKsED+NjtqOZ3sxznqDpY1ghAohk4yNRdPDZzbaGgQemzPXCmXrFUsJTwcXd\/xU2NomnNTP3pmszYNUkgCR3tnkTvld9wZ\/IPs3fkgYPdntgi8PuMGjCH6ME+NhxjtV2MwDTodlIXAwMBGU0t8RnrdJi\/j1+SnvZYpC3oLybUZ0YAwC7FNMEEzD3PWZ1mQcdYkqPO6V4n6ARpcK+AxFYr2ZmYp5VZ6aP4ufUuA8CpPBGwUlNcZ3M2nwocOtccZ2oJCl6+gngVMfWFCnvPyKdJAIVEiwSYCs+M06T9K8Dn7IVtMoEfwHeIvTYluO2bnPQHkZLgVvtx4CODgchK9krbewpUgSyVMOqarNN5yC6WFzhdNiofu8YhqHlXXyYNaQehlZN2BSM6BAq9rstGdYvwLr32NuZBk40ppHqXSd1NL8zbf+k8yuXVg+g2tFIIoJcrHKG\/jMtPDHaZoxXSW0XP9QnmktFPm2sVrC8auYwtvIIcyHfmG4LUFWv9oOl2RWB0AiDdFwMDAEX95TGyYknbRQv3FxTdx\/ySOpsXyo9B3C1mQe9wKL+RuBQiooWFUmPWbB6tbYWNx9OjEFACLxCx4a2G5wYexWMh\/ScbEd4="}
00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385090,"flow_last_seen":946739385124,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3402,"flow_avg_l4_payload_len":1701,"midstream":1,"thread_ts_msec":946739385124,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00956{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739385090,"flow_last_seen":946739385124,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3402,"midstream":1,"thread_ts_msec":946739385124,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":946739385126,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739385126,"pkt":"REREREREZmZmZmZmCABFAAB4rgNAAH4GLZEKAAABiJDXnsvQAbv3Oz6Kep+GTVAYAfUhVgAAFAMDAAEBFwMDAEXEY3mnjR52mKqLxIMUmRZZcXFLr4uTi7u4xG7UfhN8KpUlgxkvImJLngXBZJdhlsdOO80qBVROy\/zQG1hjQj9e57h2KPE="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":946739385216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739385216,"pkt":"REREREREZmZmZmZmCABFAAFDj7xAAH4GQrYKAAABaBwAapkuAbuxqh8KTGGTY1AYAfYqeAAAFgMBARYBAAESAwMGpOiD7bGSBZJpQPwx8jjTz98dXRQiG2dJooZruAvSbiD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmNyeXB0by5zeAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACCocx\/g1t9BSq0aHoBq6EokYegQUNndj200eG6GOsFbfA=="}
00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02429{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":946739385246,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739385246,"pkt":"ZmZmZmZmRERERERECABFAAXU\/OxAADcGF\/VoHABqCgAAAQG7mS5MYZNjsaogJVAQAEIzqQAAFgMDAHoCAAB2AwOeWrg8chGRKGTlO6HJ1p62TG+C+NnG3SsfyKZ3JDWszSD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoBMBAAAuADMAJAAdACBCHrrBrdBjTxY914LUzlqx\/FQ6u0oPg+tIKo8Yp0xoIwArAAIDBBQDAwABARcDAwk65sXHo5FyUtAiAM03V5kAW3+LXGLR2yplHW327Ar7lBVn+cWyqRXyVDveXS6Tg0vk7DEhWyy4Lki1hEqLM5o32Zp445RQDsbrctFBNFcOMJmryYHv6cTI1ALBX4o3m7ShqxgiNr648SOfRyoVsKr13ok5Co8m3yWWjvTT7U22a\/V25Yf1TTU5ZX3C3nLhUlp8F4S6K70cvraldnw\/uD6FRUq1lAFYY+RdFtBona62R3kW3zAEmLHlxjwypAF3Ed8HpEUN3N6Hh8WR8FPduTTrU1rGJcfthDCSePngGTmyI7kai\/r2bxnw0X75rGWPasNSz\/szhNdRWEo0KOZIuIIBBW21rDG1KEO\/5TMjvtncyk4jgN5jajgEgs3G7B7IN47mqI9K2FWa09ZHw5D9ghGF6WusPDND4+h9gRzFYMTRQAs+YDOQfRoqmeDcHvQas+1JnEYjeG1g+nCoph2J1xKskq4pSu\/4\/GnANXkQNNVNHjjq8pJ5wm6ibeZE1gq6PVr0nZRMBq7E5\/av8PC0+acRxKixaAa33wWyU6SeZcL1kZkunKDWXWcdvdQy51Xenyz43fec7O\/+7mHHRsySVytdXjgD0ZKChXJn+AmwQrC7OY5cEE84MSyXQywUeiGMZz6HP3Gxw+6pQWrQZTjvM2lPibOGlOclGV30N96QQ95Wm7tUJbwgXYzy1Ap3e6BhUMIyFcI9\/pMzhGjOExmlzyT6BDYONbNyjHW2odTpZ8WjTWXt5ItMp4Qf4ciPCegZXwYLxQYwEVRpcpQCUbjq9DqojYcETIPE8pYwv+pEogBkJ36XO7ISaByslei0uwlMTDGqahxFUG9xNqF2N+uBuGm3rP1N0De6EH72L31wAMHQLr+g\/Z6vH8L0t5ZBiVyHRYWFiBaqBS7sS5CL7XIwxWU5nT4+O0vg9\/RKsE8R\/V3oTcaEyuOxZPN2ld4OexQ1VlWcqVQyk2Twbmq7OKKuOtMkJEEelQzBbVDHxrvHpN4rIHzn\/9TLkc3K+Gw0IKsO0YEfzDLQOy1LPBOrUtSvkHpTT\/9tKCeQ5oeaxAcdxjrW8Ob6O3OfTjPur4i7Dr1vbtCqdprUT3YFFMRDZ26nuYQwhC4uKvrLCR3YBND9okLFnTd\/lUt6yGc2upOIbcXBXCyaL3ONPVCFw2rLhSE+P67Rrx0pQ\/PN3BUeVHTUY5OZL2UVofmKcp3kyCsJpqyPvgqtN6sEvjlAvawn31gSxqPJMO+J4TEIN4NsQHeQPoQbqZEwJ5dggsoNl6xy1PlfH8FxBn\/\/\/Lr2eBnvYK65olzMCuvQ8qYuGMLDeKU+eAivsl062ELu
v+\/dM8uhg7Eno5vDfDKFHEJLzWRw5E8iFnEoRLS95ap\/irULTPgAA0QmZ5jn1YuEDktj\/0IeFc53AUQ0iqNqf8q3TqQngAAZUKBI7Sk44RP395w1L0Eyzfl4IxdNlReV035GNhrN\/DGIe5cd9OmCUDwyYWDZ5z1ksNzw8W+uzpiwBt55f0ZJkvLbFgiMA+gkUt4hT8f5WK5dSjcjsu1hL60eqoQvBa0lWD42dAL0xAVrNk06unSiy5OJX2WBK7Q7No9ybhYFoGzDI8ZzAHGp1Xz2h+but\/3A\/uToYXT+zhFlUes\/MlMz6r15CtQUfWQhXV2DbcqYzcNr7XtwvhWwQRBQjoyEwldiUNrV4kfA5BNVrLK+IAb34EZEEXlsaVEYZdfTSkwf5mFzUW8YEGENVFtWYgvqKiwzQRm4Hnu9"}
00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385216,"flow_last_seen":946739385246,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1735,"flow_avg_l4_payload_len":867,"midstream":1,"thread_ts_msec":946739385246,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739385216,"flow_last_seen":946739385246,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1735,"midstream":1,"thread_ts_msec":946739385246,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":946739385246,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1102,"pkt_l4_len":1068,"thread_ts_msec":946739385246,"pkt":"ZmZmZmZmRERERERECABFAARA\/O1AADcGGYhoHABqCgAAAQG7mS5MYZkPsaogJVAYAEL3vQAAj+eEnaAC9OtjNn9ZDhuY0QkIU8Et3SozIjmeFN3jl5ynvaSd0TNRCmKpUZKf\/fvqVCNBLPVpc+a1\/34xSlEnpJggvfLX55X87U+wFE+Gr7WzyudHjYSOPmOcexDC2hRAzeXYq1TgqVwJwEh4MCpq5hwfPH3wEyqIpcTyPqNEKua3iGoGl0jDllgnOyDy6qMtoHeGHyOqCPa7ViWWNsuvANnFYfP4DWXgq8fcNnwinGDW24misysy6Sky1Qfcgf01K751PVkPm8BzlnUWtr7bdFh8y4G4SaM7Ac3Zldy8pQDT1EbhFcuRGdsZ0naorgHPYs0SmR0Y3t6UYCsF0YOkjsdAEbpFIfyrBCBlh4z7aJh9xKrg\/5jQsdBuWbO9f+feot414m65BkfEsJNZt6q0OhiZBadbjN3fS3WVyRW59gC6+MXzyIF5Wxx4OnO6rWDTIiTViNpHvl70VUj6EIp7jtN+701iQ9XIbvLRRNs1dMLQv4llg0va54eLOiI8Tefj84dHZQatLYpsLcK1X1xgMBQvJdmlFwbKncCrUOCkGSrsZ4LVBWhcaxKoO36xnPPDV8cinSkrG\/rQoYT4tiAfTIWSqbjcWcgucf0EZWFYbi9MDrGUzUcZr82zbUhnYlEj1+aY2lv2lSt5AqGSaUKeQRwioCypPc3dHt1C72aRiX4CCSBeRj4DN2l\/vJTlcaPiDNg7t6TPWllts+Co\/OdFgVAkJAl+HIZBjiQtPGdBZH0Q8WHs19m6ieXdVdu3SXksmcJ4OArDrkVebghoJZJUEvtdYdAu0CxG32Y7Bdxe9zNMbKMIjUZThhjnA7hE+UoUNNr4aUW73torTPDm\/PasISFjUH1CHoDvjfn0IYzqO2vVaat\/SFbmMFs6UfAByhfgtTIBdM4vlalC4vJ\/3gPNzVh1u1xqYYIU6wN60WQoEexxjHdAMBBR1w+y4czMCbyPxsYOQzTZedkx2ofb\/xA+Z+8rEmaj0xb8Fyln6Nq8bsbjlAzp8F+BPhhygJC1D1SpxfIjpLhJ5pR8cCPnmFuv4Wb6pCT3F\/xJW7qpcmMvdn7rOqlw0sLhKBRfOeheFxSJrKe9iavOuolDEItae4jRrh8cRuAabSIDs\/KL9d4qTkbOnc6ryMLcKUz4QDjr3QIMIHJiOX9+2DVL5+3CGc336xPBx67NPWns3pKxWZovEglaPedBeKa1Ay9zwVrpcshhz8ZViqEZyeGf3Bhnr9gYf6a2k+91KFhxPRsj3wr6DG1ZrNf\/1DpWp8C8Eic8yqmZ7eLKXZwe+Mz2GUUCbxCXRoPG9q7XWM+v0cWz5lxW0nXaPM0vHHCL7Iqhc5wjeX5d9z5lx39pQN3jzFWZB4SuiTobndYtfC9FvqzivwC8uagzgYQI8AhesQ=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":946739389936,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739389936,"pkt":"REREREREZmZmZmZmCABFAAFBc1lAAH4GKTYKAAABLUxxH8s8IPtar+ZR\/RI3kFAYAfZgWwAAFgMBARQBAAEQAwPDKTE3gtHe4YkRucyB7lgiewe8eRdkAeXi8xQ\/UXf8siCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALZG9oLnNlYnkuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgBTSef\/+Gs9funZgaOAKPCcHz5qP34E4cKsNkKCajyxU="}
01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02376{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":946739390265,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739390265,"pkt":"ZmZmZmZmRERERERECABFAAWq7z1AAC8G9+gtTHEfCgAAASD7yzz9EjeQWq\/nalAQAfntdQAAFgMDAHoCAAB2AwOTWCXgGAu71\/Yvi6NLTHUrXueot2ESWHeiaJfdHE5RUSCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7BMBAAAuACsAAgMEADMAJAAdACDWWloo6cinLldR+cnVD8kRD\/l0Q2+aXf\/fBY+S+WSMRRQDAwABARcDAwAkRhOnfgeD\/nNOoyXIFtppA82CTRb9QELrjIuZ4Sms6\/A\/wFXWFwMDDR5COUoGySb4hNNJ9UU6WNVu5EkkD6YuaPuXJ8CsVpFNJmnkrUN+8qnnRcWKvhiCSeJ8dFamc6FJiqYTi+y4vhj\/9CUzXrDpoIqCPPPJVzrO7TRKenUWLYob8NzsM\/dFIXxOJTiZrwtOg0PRbjHk1oNiocDmQfIuK+9XQjJXpmH6WXi1GuKS6BI\/Mhq7VeFosQzd4f6PedlOLyqUiLqOkZBu8shjDKqJBgT+asclbYKMS0So4WatuM12p1csrxpvTCnaj0btgSWvRlOtA5V89mkHs0RlWfRzITmJodp36A7TpRfkiq+5ADaJkK4PCqzM7n58+S7faojcjUVNv3TZMKR9X7THNbnF4RYlkXi+yQzERvi6AVU4qjl1T3oshQYm+0uXk6wZy\/EHFkS0kI4JdkMrhx\/QDyFE9JrZnCDaKSbgnVDXGxQ6JI3KX68rAnXlo16wEjgmYiB\/CpDOACPBUUmkRPrMxrIYGRVY5m4VHDtxxsBR+4pWd57JVtTXFf0dDyH1zJz6Z40Wrwh\/p6Qz5d2q3mQqk2qU0E2kn8++EZD8541s2A3AenqtWVuRk32zNIyJfY0yQnjyuK0juMCVOEjM4+TSdiFJcZE3rzM52S9F4fUWq+Qa6izwHy+3rJUcjKQaK3KU1ecorGHjAhe9fanpg8OhUEfZK30POLsPc9a0KJ8Bhzb\/xTp4iMokguZqwGUeiTSNyWJBScTyI9LLhhKpNOWbmn0FCwxaV5Mbt+mvTDDVs8cw9GaOZN49PQe6J7UFtKhXp+jLkt\/igfMPvVErRgHNbDWAx05yKKN5cVgAGz+obL+4ZX79sXQRNBQfrfR7W7COyUVVMPxrdFItZFJXlJ2qtiFtfv22UGoflFY2zoiK9sk9Zj+K1u+9Vmzjs+RITpDecu73geffdixXjb3urBW4FykkW7oiu0nkWHDQgL+KviHt9Tm0lU0Hzsi8YTo4OdVu\/QwCcmn\/9YMQoYmxguinCV0SqsmSoXYPpWKAlUH8vnANpkvHS7OU72AWRuphcFRa4RXp48xd9rXEW7d6pcKpL7UD\/qAcfrqs3Aq3OBcZjm\/9+CZ\/HA+ws2AIqrw+2oY4SiSGn\/cjxInZ1S7KChZFleUsKWilMt0S80n1UHIe0ozJo1YpV6O+256ILtDlEXLc4L\/\/W\/Y\/61lq\/\/f9IHao9y20WHTGbxQOKX1rXuMjgZIEMZvVKqcKW+vUa6jVq0bpPfVryu2fyy6bH4O8lkPOuhDeO5FxfnatEMjgu7F6t\/PeAC
LHie\/Eg2ezTBDOdT85sb1vFD3nB3c3wl9xSQGoUXMREa3dlU4yyKTsRvhF5IVHX+WZrnZEXNIyBa2yqUn\/9nlC+Nlg+hPHBSdvrZNSMA+riMftxpQlj6FTL7EYx8bKMIfPYnyZddeZmxpXN9XqWLs7KrnqynK9ZMJhVvaIAMfyuBU2fqyPpflnNhs96RaJ+FGM\/iw\/mZYOsIhH2JBIZKVlvkBCQxCbysphauFVIsTMYeZEcsoCjFB1qKXHuCceZxP4Jy7kiXMgSTdDFzzGYgYfCng1fFfHI7zfjdtWkPQ9HPe5f9egBljz+JDS6ehJP7PfY20bsjB73IKGpwaFJB2W5txeWuX9YJMSmwLmC9CvECSoWQlENl+g"}
01076{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739389936,"flow_last_seen":946739390265,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":845,"midstream":1,"thread_ts_msec":946739390265,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739389936,"flow_last_seen":946739390265,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1691,"midstream":1,"thread_ts_msec":946739390265,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":946739390265,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739390265,"pkt":"ZmZmZmZmRERERERECABFAAWq7z5AAC8G9+ctTHEfCgAAASD7yzz9Ej0SWq\/nalAQAfnqiwAAu9LAVBlO+s0L+nkwU4YXcw1SOmlRl+XSnXuO6tKFQ694AGFrib2S2f3BX7B1582XtNQQL\/1IwqS9eCXYJzjdfbbKDKnkw+MRH36zeNfFmebdTa26VGWOgnZNECwEpmFBvEXSt2RPI6ofb1vE32eZrFh79Bpuwp1PCG2ngGNn3Z\/o1aRMv577hTiLGHUP3zlCYCAacHiSAEi\/LQgxJOLyR9jugiMcNQxMzI9B1anoxyifvPkh2BJiEbyAypQ1hQGudgFCLTi2Txkt7Eu\/NIUQoPpDLsdh3lHWxNLyLEP9wpzBgp6l3ilL84X1Mk7ZHQuPK\/Oz4yfrJd+G7Oo6i1yrQ\/Adp3qU8KnQ9ptwaIVLOtg8g5ENilAbdYS7Ka3cZHFz4gvVtmLddRHiTcXVf5C1ypTeGluZMusSnmJOjPWY5fp5RP99ayjRwQRdkg+IcNHiO31ps8qxZvYyOJZ7Fb87gLgZwV0IUvyDuDbizEwr2XSGbMEZuVoSHx9QyUP+A3BPmqRGGD9RWvZIaULosdFkVeC1hEiNEcM30Eo27GhCBEkpzGPbQ95LfK337HDa9UlKAktQhKwG8\/hAtMIbbv5Noetnx3T81i7FzhkyHH\/C6g3BkR97pP7xxNGSesRAej+0SV1z2Ux2yezANH89JV1k9OQdFbMalrjLnx8kanK4YG3Zfke83pATlf6RAPV3lPyNNDQQypoZkugKEUxOXS7Rx2XEo0segrTQp7Q+35xLorFirg\/3rbokzMw54\/alVY08gHsLJlNmadq9IZ0Hjxo7ykUIQsSRH59BS476g7Zzq0D6LzWm8dRwgOJiFmUme9r5za2XErhkjyFFtknvfbQcxGFpshYQjf44nBtFebBI6Th81Pz6P4vS1Ab5Ldbe5kqW2W6OFyHBCtpJQLdqxOC1y4j8o1zpDr\/5I6fMit0JvTc1WNaN6qBFlg1P6Gaatd4VK3xOWgpdV7lGy9Cs1aJIggG2JQikJ7xxWvncFI3YNX\/j7e31omXzttI+wKWBnq3libBpSCKXTzvdWZpJ16RDkXLbmBFLlruWHpbIZvg3vh187AjFKcBshFCVg\/9CKx0tdclgUGbHqJ7E6OtJIm4m4kox5tzQjCDUJNS29SjoWoK9anOoaXw7azu80JwAvB5wDC4mKG4pcolzPcWCdGzgc4j\/1wLg0a7\/6J83Mv9Vwe7sgJa0WfVmJh67OWIpAbZv84XgLPcLVo5yXd6\/yWWRMvn+kXy6mm6tMTinzOpwIpfSCVQtp3DNLsEUsIkV1DrWVNbTPvH5GCVkQ8p3Lo5BGZ2lF4qqWWh0bwR33Xc69aAXaHUgKcezVe1FfG3x1Q3qp0cn65Dxae+n\/hfZa1KqbpdsxY\/eLTfFV7m+HIJAbLFSSzH7PU\/MSQj8rvEXnuHMSR3htHNgcZRMLZGZNMcEgX88HYGJMITbgLbQ1nfRTwzL8m8XTnhZtErha6pHrFlPsZ1RNjcoqZKgLKdMg2ezfrI8Jq0lQFzAOf3F4VPbIGq
1krTP43rpCLbzYETrqQH8Xz467NmG5PHVJ3Hne12KAqQma4zC6YHwFBTwWUunyHc7Z86uw6NV1GMEfe39uxIB1Th3Q3mEC1zo37vRQUYEr8R3n9WX5ZtJpDmxGTtrG8c0JVrUZpjFnqPj2Uj069ivRfFVD19zTIWIWwVZHNTkf54z1SZJ+bsWwla3CC3KyaPHGsTreYdevDYggE2Ww91a5tn8NCHUwyaWPcCmBikp3+fKDZwg0dx3gKVzU8Hf9Km4EdsDin7gSeY7n3yByLcyqnB3hOSBc1nuPCEOi+hB9GXpEuBRdmMhQLcAelRdGq2lZwOE87jAboVg7rc+WH1wOyzCb4UJFuzyaFs37Li8enr+"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":946739390933,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739390933,"pkt":"REREREREZmZmZmZmCABFAAFDddBAAH4G12cKAAAB2akUF4T0AbuSPuOKlASrClAYAfavsgAAFgMBARYBAAESAwMYXSzw+8AvMstO05PQ7qPBj27f4mGkG8QM9OU7ZRFcuCDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG5zLmFhLm5ldC51awAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAuLsKlIgLTs2y17K315yEyJxqnsCXfl0yS1kyaNKG0aQ=="}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":946739390967,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3165,"pkt_l4_len":3131,"thread_ts_msec":946739390967,"pkt":"ZmZmZmZmRERERERECABFAAxPNc5AADgGUl7ZqRQXCgAAAQG7hPSUBKsKkj7kpVAYAfW6vgAAFgMDAHoCAAB2AwNggvgT348vLVfztyje+nh951Uui2O3z\/vCGwcNEmcL7CDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4xMCAAAuACsAAgMEADMAJAAdACCYu4Q1ZjtZfYUrS3fwrroPQafz4tTgHn9jgiQX2w0NexQDAwABARcDAwAgr2vUeHfWinGo7k2fDAirV2y2+2vt58RojQUfF3ywprIXAwMKEF7v66Q95J7Madk2ZEcExfHDptRh16jabZXVGAjSu6ZVpQdW9tsq8WD0VxRfdaushrVbrrTRIk5I0CixRifCcooy6c56kGsUxb8wL+Z+QNmR5uWAeV9nzzlGQpBhNwq90IzHQbBwHdfR22cB\/o+gnP0zKhtFT5pdVatUFFMBXYFPBfgmW+yElY9JLYGDSC\/IIw728fBQlRPlTOPnC6Bd8HZeDEbFd7L\/8oeIRd34AfymHYlFpxJ8CjS4xP7I5o8GpeBcv96KPHtYZV5dsMuE75XBxooOpL9Gr9IWBy6AEdPGcU29oVVhWirzJ93HxYSeGAAYTfsu16+HrpOMUAzFMOyXwLKfIjR9Jx84Zvi3ytxvu8IPsZAmQB9iLco+v\/PYNz44XswLq2rQZtIH4a7\/SiljnI7OvMEtw+9+0ohSjEBjqZNpZ4+Di4Oi4uvLSj90PiJtsiIz50r+luuFIJLrHS\/Bx2ooWNGmf8wIpBNOEoC8uYmbQEc0M0F6MgPM2\/Dc1rxiGmLW966znBcYtqEPAIF5LP4HjDzAMEtUySTvYC8cLBRrZgX4sNAbkCcpNw4QFS6erQa8jKBVOZjyMqQVsAikZDL76qZyWnWAbrLmD+ESPhH+LiOjwj\/BVLLmuPIqP2HgrWrkMLok\/KHXuIbZn7C1n58rcMZq7V+5f3gEi6kXuPOTozMsLixf3wStDsNPpLZW5vF+Opg\/HPuTYMBM+b2VDW0oQ+mGR3v0lSfTyZb2sccxT0\/YFa2\/gZNRs9igar59HBmzwzWtwto1Lj2+tqjOzo9Vxzmqr0QO+5jA9knewsPjci1iEHsBRvkAHDUo8mzkBfWBM8t9UZZElcDeWIg7oO2uY349FEzTQzJrCGLOJ20pc10E+6FXsRSoQcdecc2pqUoNYisiO4BgvfGVRTx3PyLsE2LqpgS5+upDBiBuHq9GTnvPUwfjHUOVZfhEY9kzfkMm52CF0hrFbS1FqZu2k5xWd1RZ+YdcxocleEJLDXEEeCaF2XJug2p3sgxI8AQfg96H0lHo6\/ce7YWyFTSQ5214Zlm5R8arc+k+FFIGpKsd1JRZDuMs6lUG2OcuW4k6GmXOA9lL00+Pu1LlWECRAA38IcMLlvDeoyIVPF5RKHTFbtFfFeynrkfS57BDgpnUQsOLofW+MsR51VSL7z5rFWkT+0yA0OJ4P5J1dZjOVbRrnPj+lP8KBidjvuv\/+vQR9AYL2FUFonbuHYQ6NUOJSyw\/q3koSUCoI9nF1rL5SbnJpgQ9XzQ2ozstAI1DR6AAJ
Pio22EFuEDMEoFVvE\/liE+8UHQnOZNeIN8tMqUAL+WlkvDEcrehWMNUpY287pebSO3eZPDe3egHiaBMZQIlL4jO1lfEjJdr5RXvT9Uv4MVNGGGXCQtr4IWIfMjPSJmmedmBdcxMuZnxTJ7jKLERRom+1LtykcTtbFMZ6nwh7KNIt58CGrTH3Bh+ClGWC6JtjiLbGXtcN8TOs97BoUvfH2xS4muIblEv23sWDZt8uHBdYWb8qBII2zRRCNz4TWmEJd5WuNBsZajJ6+izq\/kuJOWcsJ\/3ClD+JPyh\/faP5RIOC8TtW52DI8iUXjhh0HYoQNP5CK\/yGELUKYphGmQcP1BV0e5C\/xs86j3J4Tqg0y4WesV3d0jU+gkOa\/xZNpDrlV+JnewVAhCkK2UsUk3C84VdKoqUnp9Pil5XcszuqrrK5fn2Ja3xJCvI9oUZYFRkj+cpcHiFBzHL8vrxujIbPqQsQDehofVoxDKQvUog5ZiOw9rqXCH+rf4pa2omETeM1OE52\/bijRwWFKerGk95vgv7mf\/pTz2jvStIe9mIenHJWL7PEZH9sdGDeZQKhralY5AEfcr8PAGFV0XOY4OvHkHHS\/kY45xH7Heg3RGSUSAkY6LhaxYZOH3vCb8pDwz4M8eJ0\/MawhboSpIfQdoDBfBZibpy+ix0cl6f9YHPnTxwCWpi11t8Y\/Ioe5G719Te12HR1+3LJDUG4+t8UMioCT3GNag7c5mMGY+V+40MlPf33OO2SuBDaNUe80cz9ZjBk5x+9\/8yZnlpBgJheqdBeGVTSfNj\/\/ykzVs+ovI3rQWJ7MtuR80iZzcYqQWbI4RBftGKVwyCcJOskMGArD6+UArYfVGIccM6l6ZaD9x6dkigf3LAHA30iuQXdDyjNpxgxl4iSK0oLixFkkGZE94ONcw\/GLLOMYGf3ZsNLQSPf2qyfAF5BKKKg7FAQid7pqgyCZp5F8XKbACdlEb9Lar38xOjvjnewcnGzD4Z6c9THtqSZcDPbz8aL6DmV9lXZmD6\/ccDsDkRU90nhHSMrUF5R8hxDMoP6Be02AohXJwQbll1wPcUEyYk+tfY7XoP1gsqXecmTp+tusAg1\/AwZK8oozX5LgL2HyoOuByw1lgzh0RLilH5JrY3yk0E\/jG5JRoV\/y41cG7xAhvYbSNXDFCXbKeSVI5tgPheZvJ9ZUyIfStt125MRChKnoA2n+mG9KzbpZpyVz66ndTD0j3XU1kDOqjF1\/SbGf1+fhwWGaMMcZUYzUS1y0NN++mGlj87\/Z\/u1peJJRpJLZAkwhE6\/qyvUgAeD6bdzGa3m+9PvZxqRFg4uO5BEHphZPz4E5S9y+qwaFy+ng2E0E\/+Mq99pz8NTeooSlgjy86miBLzf74wOBFSoHbVN0PHL56xSrx12FRC1SCfzqnzT4BREj4eRgr5sVcZJpcqB\/DJ16zqD31Cdz1F6VAt5mHD5hgyW+BhQO6jtpBgHqFisMVPWD18uXILfOEcLKzexTq0enEqkxPPztMgd3lKJoJoLn9D15r82RK7HhKsmZiDKUuCdmH3DjKAbtkj9uSMWDKDEZ7ALu1TTrcVpMz\/u916YJjVrsJ4zke1Y\/PKCwgQji1xX0Q1uKg+Qhmzj0YA6C\/ZB8hBOasuUjTVZER2lXZpSogcQcgdsx7P47du+ZkiOIevUp1ckurR953sVaD3ci+d3blInJn3V2H1nd41bCStQkPyhbrCiGVWDvB4NjqVSIh6ypL1X2Tez7o9uIFek3e\/KdLnjoJYgUoUCdBCeRBScD+0K+sqvZzi8z7OnTzhYK\/aCGv11HpK88nhB\/fu4rCw6Clf8iUvZmwOIdmA\/mXVezV7u9+Y+L4mJOPGGV+Ie7YQjoii0W0J9zldsek4JrCNAfpxxvmfZTghYCrVQJNlGcKyp+LE4s0nXJXsv8iOBmDMV\/qiHS\/RfVp0Al+GVjFpErgTgXH8uFG0eZ
xhSX5TnPtc5X3FjIRORKWkOyTX+MlnBU+yWrj3iWALBhonn7tNa85eK0vFJHHFGyQm3hMEk7psuYZdoK61bs1KKeUi4RTDX274TTDnDx\/vYrXCGEMbInwJeEUUq10Y0AUNC+ikXVAlZm5\/6b3SLH1mmyzy5AwgfbHNdBdm2h13eHYAHANjDp++p3nOFwMDARmCniHbpabBh0wmz+4GvD7gEaHTo1WwpHFuO0rRndT2cE+rB3NSEIZ\/OfAhdTV9eadRkxEucZ2zRFouLobhVj7VuatuyZROJYubLXxY0L2AD9VfNIXMUeRNHnXvmwyBiqm\/8ZuzuiYxPVzYGJuS41vYyyQm1ND0\/vWricRWNYCIXjgbSqk6PFYh1FVGYRV8SSt7kE3Z3NtrXGW3LuaKD8ymXSg9dYJ9GwRxcPV5is5NEijit\/K0HuZymRnz0biX0ibyZ3bQdAu+3E+KHkL1KMxQnoIP\/X4lavINi95Z\/1+WkK1enaEAwf7tuLJlq5tLt+JOe3OVPJYXu+hVDAzfIFEvugfqxQ4aetpIOYSy0uy\/8Blk6BuP7s0kZRcDAwBF06XPl0W4alPWKLcZUBV1\/sR9gwxnLLJ0WJlMdAUkQ1CCMVwzdsK8lkkZUPttQ7nY8WKaipYb2yNRvSYmxfuU2S\/nIBiL"}
00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739390933,"flow_last_seen":946739390967,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":3394,"flow_avg_l4_payload_len":1697,"midstream":1,"thread_ts_msec":946739390967,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00951{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739390933,"flow_last_seen":946739390967,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":3394,"midstream":1,"thread_ts_msec":946739390967,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":946739390970,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739390970,"pkt":"REREREREZmZmZmZmCABFAAB4ddJAAH4G2DAKAAAB2akUF4T0AbuSPuSllAS3MVAYAfWu5wAAFAMDAAEBFwMDAEWr1XNIOucPlOXvVPAlxCVPjuVei0Kv510pke\/KbmmoYPXHQYgn\/dXPL9SYgvzqDxY7NHWdbkgaLyLveAQw2UhT5DxScM0="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":946739400294,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":946739400294,"pkt":"REREREREZmZmZmZmCABFAAFMOfJAAH4GNZwKAAABkv84YqrGAbtdpqacr2JwdlAYAfaNXAAAFgMBAR8BAAEbAwPHJz7Bz9zA6vh2mAtXguxbTFdhb5D1tFb1Dou8iu1ITyDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZG9oLmFwcGxpZWRwcml2YWN5Lm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACADmPqzqEwwIPykBECgQ7iBmKhoGpqhv77PEzGKWzxqPw=="}
00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":946739400340,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739400340,"pkt":"ZmZmZmZmRERERERECABFAAuAAABAADgGq1qS\/zhiCgAAAQG7qsavYnB2XaanwFAQBBOXkAAAFgMDAHoCAAB2AwMDsBehTQYQ\/iH2Yhpyf+mLl1C35r3Ho6TovknKnjr8riDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZRMCAAAuACsAAgMEADMAJAAdACBo4BH+AA5SyDExxRIaGpKShy1vmsbixTg2m2T2NedPDxQDAwABARcDAwAgvk7ezJo1JZP9LjmZFBvdhSYoK5Td7g7\/A2oIAgI6osUXAwMJ2yS0n6M3Ydri+rIgYVXd+jwuTvP8FF1HMS4hAE9YkVd0802YEbU3pHhUuQANn0vXApBPxbj3FV9uCCuIZCOL4zY7+k\/N9QNOxO6wgqwyjpqF\/MSuGzGbkODdKsjr3MXDrOEDT8UY4Cf7sbDSqOIkajzwlllabjLyw\/JVxOtUepEpKMKQWPduyvGLlnSE+4Pi9X1F5dljLFonfMSt9epl2VwSF1nq8Zl4KKstqyQuG\/zmvd2vjAUtpZ7bRJhqcQEAuZwHSvB\/MtIxXfAzVeG47SjsazBlsuRoBS3fTomilsUH4J13\/0ChaLizKxEdSZ2w2K00iVdJ7hQkti8Yk+XaV61AEfwts012l3Az0Ul6QGn+ovAsikUEMTOdEJmAEExk\/NRuYh4YJeat0fT6qqxPxOtp8iJmxclZOIdEdtKfFRlb\/Q3pIWRMmx+BKdsNQm6TtOsUrqgzJEovgnDvaBUadejY9LBbNHqxMK2V6F7gbnGKVjBjB76l32rCkAGXZjYpu99n3pc8VsX6toeCgNv6uuTb2IhBkEMBsiXbrPavcq8F51o9cjY6ri1T23vFWkuEBAAWOdINJTApJO1joFFgFxyMMNnlCpJoVnqu0i\/rinlDFg7S9CtMSJ0Ubb2fcMiTZVA8sg8c2grczf38tyMaZ9tLwrWkyrDaM66WF+r\/Smzgjb3lUh8vJ3yJCEPyKRtiP8bLVA86MJJR6swDhhbPo5TZc3HPN3paBxU5U9DTyACxQnk6EYqYsA8ZokkmQV3rXvd3nlNnXQvP8iTrcL1LydrbGPEmcxzftt97lwfP6IxI3O3sNlij9LY+i3W9W6NVdJf0gVlPHB34DPsUDzGCBqeTZuUD+fgbA8m0vHZeGLaeh2n\/ATJxgu83kBANWSs0j4JxeZwkxA4LQE6k9KdadeiuFQWUUsCMoytEmeRS+e2CKC26bva8V4F4G5ILpiDrVUa9OPpnIugEC\/pCpbfo45ejO0OYsjmcSB9VHs67ODTG8tfG\/HSnEWghmAKv96DqsZyAaTmkT0JkH5FkXlCzBQ8v8o8b6rSE0lRW\/lesYflMu+sWf50UV63CFJyy6fgpaJPxCw8SCnSJ9Wfe5036kFXS9TxM7sPwyghnAoVeaf7Fck3c5pxthPEaz67tzSOMeekQJOQi7xMcEt3jcaR5XiiPfvpfvbXLOiTYOMcz4nBR25XpUeWEHByMxgi+V+13jYe4gb5oIp\/OYL+ldNmokkEz0NkrXv9PYcDVxLHdE8YvZjA+Y3MOkWFCk9BM\/Rn01Cyq
bL8CmN\/DvCsMgWqz9BmPnWHQOqMnYSTykXgSFe9FyeKoNSng2DkGXmS4Ish3yys0i\/QIlGlT9piLrC2UOh5tHQYhdkxZTzWOLoSNhJgdpKplLIWgmFyDHNvrhDmwq50tATdlnRMhe0ry66PsM3l0lek7HZ1iPpCZ7a660QlaPE9SZFbRD2hjaqHqZrlPWWwgi6eHfY0gu5vY3pzyuUgNc+IY+oeDLEyaB3ysUDN7Sr1IZYyAtSiOnN0WLtHIeg9uqvR4NEBF0XEfeRxZT0n6RrygJ1nWV+kailDfsz4vklZfPYltDFOyTnwOyyzBO2WpBi+QHoJdR5a+ci207f4TAHC5iWzq9Ov\/CBA21s0iwXcKHtUUuFkXfGsSTcHlMRdWRoqqdrwRmUkHc5FaU6RNse5tyVEdBKfOwfXkDw8I22zIDBmTO4YVBH4Dzw0SEVpSPVqE8m2STbZxIzmRtVGFxbw45tbGu6NUyHfb6XRJMV4vKdl8h+lVfwIggGdSBSYb\/J2WkIjXI5Z1\/s5OXr498b\/Ul1cfjj192V+QV7YEDHDJ0wunGAConliOcHcZIZrOpVaNMM7NeTBxiiUgynpVWjltr\/LQuk0Pld3mEIxmwXht0KmUnXyCvTBJgPYroLRuneYRQPZ1JOgkt\/kdsQBmYrZvkRHKWFwNxkLAhypRqmOoE6eO9TYZgchFtH7ouVK4C6vE0wlk\/wNdktEQVjtjEf81TNo\/lytMdDE\/EAGs9weyRqd\/Hmz5\/6yLIgAilI7sqB7dEuE0iiOXk4T95pQbOjvSnwI7M4B7Q3oDNdWJJRZNp2tZGQNCVfj0OFzEKSZbanefGx8qbWewy7Iup5wriwLbBG\/B7ZFkxdmUnEdpL4pTOBRMxGDxRjV5ioqpujq6Ef07dgH3IGRgJHxsp9J2Qlj8S7lCwwOsTDkI+PhLsXzzIudX\/ZiC+lH4Tm6LciXTHf3hDkr34EJfXHJ2WpSeeCsJZBkZx0OJpBR3y1cyrhzb66IxG0uSRnndSXXBNAmD+Gghsj7Kg4E50GUXibzQRhDNRs87q1TvRNjyYI9h\/opUmKnHAkXz4SItfTxaX2LIVbjHXv1XndcnuHwhJgHhiVGswZvXlXVlX8K4fGgnhgpZ7MSQN2lSYmnj2j7A1n8u\/xbD+JqpDU+SOMNWtYlDQ0M+WzoE91BSSQYj6pIr9DxppqLCgUAfJpZxJ8YTmINwfhMZVMPhUF+vys97o5XgriLF7uzxf2I4907edC79eKV1Vf3Ui9qrIThroIUvlpq69fVaplHqZXdbs+zwj7e2bSPVWUVR0G4cA3aU9fbVCQvpl3a\/SuOWAYL5O1\/gu5GJXDImY\/gEO1xe+OVqS2aF0XojyeNtILIeW1nDYyaMtRMD0J7qIxHbffBANlspXb0qgGJLXRsdV8\/\/lQ9fV9vIoHgsaUsdWxpVNTmqaQBhX+l7X3gEUnrZ2jVkY6Oh5aU+eYdso\/pGSL+gHQ1M1e6uj4SYxfEhZHY1voW\/zrjGcvC2BmpxPhTrZRQE7Z8GgjqyG\/K9Af758C5W6bNB\/xr5yeKDI\/G5cyIFeblO2dJmHUb92Zs9qV6hqZGonI7Nft2QsKRvSQjz6cpX\/ZVUA+5e0AnpZpXEPBjJfZQ24FXs9QBvGk2XnWW8Dboig8I5f6Aa0W91KG5sO3Doyp3jU3SQ\/ah58ZIaBgplOwc2\/XF6kzcQLnHv217TTOCL7ScT90UL1M8uz6xGKTqy83KCKRxOqCSmaU4GimFhTvfwqF7ljKegUp6S9OeYOOt+VYDC0UeVysX6yYVwgIBxXA8D51WCmgGdUznHhIQtp1cWWN2T6pBItiud+sR32LmiE5tMUZYbwm2xu\/Nih47FXpRY2xq\/SEOEBCWv+pct34wnV4RwGw\/IvRU9BDEL1I7Sc1UFJRrazHP37UtPsKE1Z1llTnptgsNBNnDluQKifySFsqvXdr8Wwvn
6V56upoM0fLxPG\/\/F6OVsniKNnqDtgpVsVi86SZ5O9M+5OvtEmUD8hQl4gxL2QqLYZIWV6vswIZSATUQuw0pUlpiEaj4PymXC95\/5pMEQnYMyOGFn2xcDAwCAmr0Gh4ZNVa+hT2Dwwrpwf9EMB3SMWmSnSLNfZ1YP9lq\/H3H\/YzkchSbogwVw+NXvSKa3Q5dILWczbhkBruescLznbqY0DC+TTlEnvK+mjob5wwR3lQsp8odDMfmh22P3SAFc1ZvCoRb2GkaVN69lxvgMa3mO7aDcfiHSTbC8C9cXAwMARePoOyVbKZG3xXgBtpg5jANBShpYQchD5Po7jBmjBEffrOCijDBbST3aotIn5HBfw8iB7gJCrbmWU17Z2peLW9KOid+9"}
00956{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400294,"flow_last_seen":946739400340,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"thread_ts_msec":946739400340,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739400294,"flow_last_seen":946739400340,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"midstream":1,"thread_ts_msec":946739400340,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":946739400340,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_msec":946739400340,"pkt":"ZmZmZmZmRERERERECABFAAApAAJAADgGtq+S\/zhiCgAAAQG7qsavYnvOXaanwFAYBBNMgAAA9gAAAAAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7580000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7580000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"midstream":1,"thread_ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":946739400581,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":307,"thread_ts_msec":946739400581,"pkt":"REREREREZmZmZmZmCABFAAFHpuhAAH4GfboKAAABwUZVC9OUAbunNzlTos+VOVAYAfbYRwAAFgMBARoBAAEWAwO9Yq6mzn6Kf+YkY+w4Q\/vo+7yhlWhjohroCY4Mal823CCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACnAAAAFgAUAAARZG9oLmJvcnR6bWV5ZXIuZnIABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6wutcF723xZ1OaF0ooDfgy7xahyBeOD2x7PNk\/t6gG4="}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7580000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7580000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"midstream":1,"thread_ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":946739400612,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739400612,"pkt":"ZmZmZmZmRERERERECABFAAuA435AADQGgOvBRlULCgAAAQG705Siz5U5pzc6clAYAfXigAAAFgMDAHoCAAB2AwPum08l8a\/xsIE7sf4ouj1cFjIcJvTzL6IcltC8x2MVWyCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XxMCAAAuACsAAgMEADMAJAAdACDFCe5GcFoAINJ8W\/U00yxwlYg7Wtx0yaBhsZxlJVHAahQDAwABARcDAwAgjb6\/bt9RU3n7f\/XK70kHoogWe0pWzujxYyDQFCzDS9sXAwMKFyLHVFWncnvuWpj00oLMIDtr5tAZiqfcqzwOOMNYqfKKQHH219coqZSx1dHk2hi5d1LB3GytI8vYkc59i5RQQDbXAHUuezlbBvO8F+B3yrBrypISyNX1A4sx1E9x9g092nWO74tZVT++3VZ86RoDvvF0ZUqxTSHr+1nR9kKZh0N5lUkvTu0aK5ORhVWNfmq0hwnrW5s27rBfHFIN8y0h27yxFq4SIl7wwuk6Mq7vkrvqIsM5xqyCc\/9Xu0OqSF3zUNnkItIrGQeIJp3LGwwIhQxxQAsnuWmwcXNFRqEzMD5jbEtpKYkHahCBuU\/B3PKrCTX8+YsVVjGS5Qrjne3Kr5FWp6nlPfIH59LkIEasv75h75FcjD+7wr54z1JIPpP7ZrLR5PywuD6f88xvloKZN+WwiXGAie649c7JKsyGwCn507cb9CeSrJLhgRoQlUSUEBlnxiSHhJ2mw9owqvmzHqRqTxGrXh9qTPYDQpk5QRLmSGX3D7g6VS6CrNB+GfCK6SPMgzdR+k8lAJJdHOY0ZZdv+Ya6nA3r8RDkXrspyuJsV4QMPLAoNzQvGen9CeK5JxcSLtBMp5q0B1DBO5EIcsoLQQ6lCwlPm8U6NZmJK6eA9zbgzP80r8LRBBpZx1beD6mw3j+TpFAy+igQ8+ETtD4YPbZPWCgC6xVG0u33AvPq8sRsHwGqnzJp1MW\/CDUHInzc9xT9j80aqrzF0XcmMIsrs4KNMQ8QDQCsJmct9U0iMbkLXGLFA32BoRsU95KY+6gDs57twsE3JaqfYSuTq\/Dlicgoiy07U8DZsIf1tKivKbhBZS1qr1PaAU2W3RuJy+8koP4fg1irOvcozqBrDOixlNBNoG8ob7RGwcT3Z0ArR3tWTeHxhQydU29KSYU8HwZniOUgn1K8cz071\/P8S72m5u89j2RZsoG54t+A\/1vLyZMsjOXjwepn9YLOohxBXEIx84KuxUh3bAga+k\/yE8GW5vng0KtP1aBiU4Tc6A+REN2DA3ij6lHoD2sFhJA2fLcssM6OpAK\/moM166igfSm3LqGC4gK+TDj4gtClJchy8bvN8tctQ8iFjFj\/6qv7lxplsZ49PvHPbnKju\/tev2fd5dDj7QcMjqNvhblPBUZ32SOOjxBH3RE7aBpBLMz7W1\/NpSWcgM15pyZsPx8isO02KbyH6gAHIs+ZEGj61i6mnrDsMNesZUMUM55VeDXhdpD8kmxGJpLZ3bsJ69dZmjx3Rf6Zgw2KbXhlm6KMoEBrRSd15+xgTimUz9H5N6PvNLfaRiGX
8r4RI6AIPrxRNjrz1JtdmeN1NzdaLUaHCvnql7jjxoX9Sn8xtUQxnkcUzYoweeIrvi9ulLP7ucnd54pGXhyPpURQBCM2nU9nbu+b6Pbj4vx7uFCRh\/lkqhRWVdTtE5uZmH8x4uxAXTdo\/R5oSgAkEsgUzYbuz4+G0Ch0T6jruu4T9ekEthrBCQJjN3fHGBcpM7AMfx+FKZas1DTjRC6L41JS2ixQWYjQbws0Hx+sBQGG6PAX0ilnkOFTCqdi4OZ+YhHBZ3aa4TDran\/FLmLs4pdGLb\/oqLyzwsvNQ7jdGUh2A89lsoDzqOObMQCUrWrG7EbmBEy\/sbHnGgiIy31PynXQexT3lSGWXsVy54UK1SdBZ18JpRAq1XaEcJZV9BqOYiMFEVnHR9zwIUFWwIjG0UpAOSNn7blveeCwW\/YovVsVKboGuW3yyReDZYyNgSvRfgvPpiG+pklW5Ihw+wYJ1sPXS0I2yAnATL00hg3Bnv3J6\/Z\/+4vJOHMRe5zCkPZYK8w\/AOnTp5VZVUALMm2aJruUFq4CXZyWMk1kbL3XBzpFB\/roJe8IiU+Kt9kQ449THNAxRUoavQeSeXnuQSkwDYmI0buLWeiaEzMUY5OavuLtDgD4c+avQlGrce7Ozez1RlLgPgV+i3DcrjoWos6tTeu8g4pr3NuCp14nKYaub7Vt2s0JPBPZqY\/MuyLA\/e3Fr\/OMlh\/EauRFDsRaqiHBJ2mP3NA8\/ZyaQQcWAIVjHSjsVGu2nQBYWjKsZ8mKcS9VpMr9ndCkWOs5Sz5zWAutH8paKKKAqBcvloCRHOWIfcJ9h9uc3Lq9DYb+le+8B4yxwh7qQJOXNZwdUQbb19fMRPNRiaEzON5GpXpNywN75iIVBnfCJp5hZfV7tIfK22ta\/Z6stqDCIyk+p27DCeEPYmTJDSSHKNbedRdn0\/iB9LUsBrCmi7IRRBlE2Tr8s2JDIPOoL9S4j6C6g1r3fpCuw4mXBrcGCfNjDw6rPYEplJqhIiTO+juQuxn5Prjqj21RvbfTbyzJIvTV7a0Zy5SJ1YWQ9z3NLs75HRnYaEIc3G103AKPkytzCjXINk0eKUkCZXrW9QupQw5YZCi9c+zr9e6Nsrg4KBkr13ePLbPEqhzK0TgphOe\/BgDw39ES3e0uIMvXuKrcPIZlkW8iZdSPWqT0Pls1rgFcXIxjJuZzAKdz9RIDjZGrpzpHXAzwarf0m0i2Gtw3bYKFHdkTT5n1uaYQthMuQHJHi+p8XDFtekQax3jKJD3CiZg+YeLzJ5Uo0iEidZKe5rH7ZzgkT8O0rVZwq5niGJgbiV3EUpPldHNKypyvkj3ycT9kY2IJU7ZpXJRnpDRxjhVDO4G\/kK6jqgKdwB9YrN8ddL2ErNeFlxtrqM8tHt2ZYdSMZYCnp2omvPy97RCe3Cp\/HGnLxpRs+DW569z8h8BSfI\/zMEZeQ4RsdRgF8hz+rQ8SRDGvtaqUblOPSNlurg9vSpcyYw7DcuCxkCASBOvLXbWh8As7fT8An8+JscVf\/lq\/mGQvDlSuFNj+tDMXoI0ZKapFzG\/KPdLhwKgFCipECC9Er6NeMVnAw07Z3oto50ydjbh57kzukh0zqDBLZjEhtFpoAiVBqZg7B50ytdFgK+6hZgsHjVoNuFRf32MJngr13fBBtHKo\/VHaVg4drs9W9DfAL1w5rtOMVsX6aUt1YAeiwdGBNEPyNmvNCcEQOj+xzMfVoOLm7SUXFyIm1n+reDHyXo8yNG7LkDYjmq\/JLkrpjl4bFeLBsdG760CBaEUCZJd3nvhfPPBsfCBF5PswuYpAEifKeZ17NlOaSrxj79WssKYt4uUKm2gm9JHcvNneM5n7DQEooPTVEVYNOgvXrRVlbfz+Cy2kBP2gCp+jUrcKx4YKGEhDuMaL8PfHGRT2vA7nqzUU9C3cJ3emOjaD7KMjipJvPBaA7U+L8ujhu2gJWLx4yY7mn3RV6K2Hsr
FjTJduvDGB+DqQg96t2CJjvMbpqIitN9hBxZbznMh3XU1HogwVfIbOe8Ug8cikY7ag9rW6E1CfeBwa9CM8u9CTXlTgumW220WzI\/+S8CMvOup0C9PugMt2Jc4cXDvNs+dyRWH3X7QIImonFrQ6RaFIHlbDa5gqN+0VC87hnjQE8OUpxOAg1ReSXhcDAwEZLWp\/o3fXWPvp18ZXCuvlFC4i5H\/0jL\/Tq956IZziJu\/XhSjlSr056BPu7zKCegDZWzYsK6oLPWAfcvtcSfAPACHpLE+JYCNMevr7LjdkYBxYeJsjktZDgoEi7lSxc1XaPOcOHuKcNBIZPhHzY\/jpu14RecKRjxP8M4PlZTTXUvzf286xa1A7FPGcV7e6"}
00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400581,"flow_last_seen":946739400612,"flow_idle_time":7580000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3191,"flow_avg_l4_payload_len":1595,"midstream":1,"thread_ts_msec":946739400612,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739400581,"flow_last_seen":946739400612,"flow_idle_time":7580000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3191,"midstream":1,"thread_ts_msec":946739400612,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":946739400612,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":946739400612,"pkt":"ZmZmZmZmRERERERECABFAAD+44BAADQGi2vBRlULCgAAAQG705Siz6CRpzc6clAYAfVAMQAA7MoGonW0Fj4lHArVaOCgJtbHn9aRY0n9LKnu3cTyqbChLhfccHsdC81z2fZ+Ukv\/nAuBoKACJX8Pwem5JBIGeQ+hR9gvbJqO0dljTEjfnQJGlcWyJk4FqoFjayNoVLdbRg\/yWeK8VeLtflQjLxqwMpDM\/QbduG5HAuBrFrE4C7dTGq1PezTGhU9pqGsXAwMARb1ScBcpf\/m81VPRA3LW\/2mv0IZmicbA7T0x5byJ5bKDeMQneniKc1y1kH9Jz7ueZz9IjjqOqk3CW8r0ZREMc3BCfYPYBQ=="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":946739400702,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739400702,"pkt":"REREREREZmZmZmZmCABFAAFILINAAH4GS1wKAAAB0frxGYuCAbtSRrNTwAekRVAYAfaFCwAAFgMBARsBAAEXAwMzpeRPPpmPOBWwlYuEr5uNgoasUYbxY5rOmYFKCjGtJyAIAEydch7b9cupGuDzo92xh9NLKrnQMxUlfE7nWZM5\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJeuQLdGEJN7n7Os\/LoZLYTlp1p11dddxIYAQZdOassB"}
00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":946739400727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"thread_ts_msec":946739400727,"pkt":"ZmZmZmZmRERERERECABFAAgouN1AADcG\/yHR+vEZCgAAAQG7i4LAB6RFUka0c1AYAfWL6wAAFgMDAGYCAABiAwNagb8+u4y1yd1xwzS1nH\/nTUIdC4eY2A55MtUayrM8fyDO5yrWZS4Aa1iS7gSLPLT\/C8LAuC029TJv1sr4CTESSMAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHA
AAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\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\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="}
00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"thread_ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00972{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"midstream":1,"thread_ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":946739400727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"thread_ts_msec":946739400727,"pkt":"ZmZmZmZmRERERERECABFAAXxuN9AADcGAVfR+vEZCgAAAQG7i4LAB6xFUka0c1AYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/h
FMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIBuLZjnTB3Kjce7+mNxfaBiRgPo4iNkyTjzm6+fh98MBCAQBAAD35z4OurpaleuYyQXrRwgunZx5itw99f\/qns7fqVRPpCakkPBqYtIkrAQds7t3x9gcyB3pN\/ek7QU4lXsRRnsrWpFsVpkkgouj8noQcYPmvp55cuzOEjLxYK5KOB1bU10ZmdANW3hMqgjTathZk6jfjNOD8MgF15uckgPUXOITOpG7UYd\/YtxRx7xgMGY0jlH\/+xeUF+NSAiy6s9oSi0oU\/QlatPOidPhVmRC84vWQNkgJhZubcKWseKLjiRRL9zUmMJ2fjig0R0EKUVh0pAUSNWsA0m3x1YIPV6kX\/fzGNkCBx4kijVkxENgEgAD9si+WguAjMtSH5qQYN0CMxwsWAwMABA4AAAA="}
01301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"thread_ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01305{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"midstream":1,"thread_ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":946739401864,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":946739401864,"pkt":"REREREREZmZmZmZmCABFAAFMN1VAAH4GvigKAAABX9jlmatwAbtGU6iimu8Jz1AYAfYHbQAAFgMBAR8BAAEbAwOH23fm3DrJaQXLovxzyYyk5R\/PesPVPPqPMsnNPw9NhCA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZmkuZG9oLmRucy5zbm9weXRhLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAgB93oNekrupxQPrzRHifFos9GGTUaOGYLuLqXCSqLFg=="}
00915{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":946739401922,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739401922,"pkt":"ZmZmZmZmRERERERECABFAAuALHhAADcGBdJf2OWZCgAAAQG7q3Ca7wnPRlOpxlAQAfURoQAAFgMDAHoCAAB2AwPibR+Wkzsx56DJDm5Eu1YLQR+8sKrid6w\/L4hLlzFi7CA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HRMCAAAuACsAAgMEADMAJAAdACBuK8qBa63Irnemz8DqNJ321mRXUwu2HpEN9mUutJb4PxQDAwABARcDAwAkUOaHYP5iZ2NNWAzfU4nuMAsSlIi3Xu6evUH+ePghzyW3lf1oFwMDDTdyOxvGAqdaXqn7mk56YQOkftztBpxUe9++1VUjQL0UTPE4dDghDlADUJrVIMNoajw7OVNVUJlwwZLv4SY0Vx3I7ELfEhgQAcbo8KTKAm9O2ms4MsOpGyCQp3Ck5bHL2bE4iiWi1kZ3XUOEqkWhVOIsnrRavV3YbdvOPn4o+EZD19BNo16d7FYA9cwlYFl0b+UOCHVkbAV5Ro0aksFmIDr9nN\/SKS5iC8KA1HQko\/XCtoZt\/uj26L8Jnm5j0xvi5PCt7eYN7FAf9foi+urRIknTbj0qt5H6t5n2fn2SPs3+74zq4arLW6Grk5JVfjN+EFn6r2Kqt2DBASpVLNRJlEJ\/bKKlz+O8J7CBDjbsuIjIaIhIezaNNWlBddC5u8MicCjaXDfeK0Y4HdjfUV3F5+ceyWCg99LhDO6xG0CeQL6QAIRHV0AxoEVRoc\/2vMJczsdaR6IckxN7UiFIufmha90IusH6BRII8ooR6OU8Y+2rZzYh5iUJTMhKuwIGbOPxF0ajku7y5uTYXkibFy\/3YRErBGtPfTP8lfcsC0F+hSBQLoIlrMlmFjzaT8UDL1Fvuj09G9ZfRK\/xhCkh\/7LpCMAmZL6FGK8dmeyLYWLMckLWasSF4SpcTPWxHh7bEgM8pdQOrhyOwV2+YyGE03XoHny98Ri5sKrhPxH0mGzGNnfYcuH6skZHVwAgYnBYfjM2lceI\/e8LUGXM+\/wIkpWQtiAxj5n9jqC6nREJd3P5hFhhc0S7dmq+lc8Ma343e0W1q85dFAt5euDl0kwrHQBD26Gn0UFzkp+rMUWqJmbE4SEGibShhwSALXJQIigpcGwGc5IATb5iv3WP28Ditv7SIopWvMI9EzLxDQqdqFyPqSJV1GQA4imlHzXCdMmJY\/F6D02T5M85XegGn9Uw4gKTdpJtNdQMeDpMCJmwPpp3X9pZUOt1oTofSb+42UBMYdGAmqh\/lucphpoooHZAFYzgka8EA3+5grzvvRKo1W30cuUHEkcEYum5QQBIn5p1pvfjSQasw1NoCcIklAiODFbTUw\/XBBzGVXrXLo+F9mr5HZJoE6PhrzpGbM+TbC9rdnXfxtb3I6K\/1AuBezoFfnGsw9Dx8ypoJ2UB3C5fLrpS2ieFOMX42\/Dh6ibKZmCZ2IU\/pKi9Kpxz6Ld6HAwuoH4Me9ywi7Ln36mC5YB9\/TIfNIYZgMETrU\/MCg2bIGnZ8vBftq4oKoZH5CfsoxNFs2PFEG\/5CVigap\/tCrH2NE2mXjfyEkFGiVnnGzcQq0blOb
S7iaq5g9ULTtsStUYEWVhOXk\/yHu5D3\/u6I0Omh\/4izYUAvc\/ASGJ3mfA9dMkNtOEG3hZYmo5CA9GnSRpy2RNoU8Pnf1XinGwNO1Gx8Pk+Rv6O6rF61GXd3j8LIla3tC+sE1vn8o1HuVrg0vtx6svaMmP8iNm4OXIuTyI0c3BbAjgOOu1kSB8ysQJy2HfJ8f+33ewV4FsqQND6r5bZILZFNT6hlGwEaOaKRgd8Dnd4N9fsicUPP3uwhfe3QdvqzyV7OOrXV1IVMp9zwSZ0pMfc8VWLEkiJAKnWpdefyOUExkz5+iOPBxgjTOCDXI2cxb6a85tRWFrVYfRjxQzYvDOiZkMdWovVcpGmC70Cf9f8rBw+ttYEmVtXQq6aUTGji6XfZ4PQSD6aFRmGvyCQ+CTuysuZPRTT+5cBQgpxWr3YBN+426lIaYsxvZASckGkJyHw7wpODlcoQhARdIU2IKEFRJvw6DT5X9zlpEEie0WCTVJ\/dO+1+JbTJMju5fx4Qacw2bdHAKBR6bgpX06u1h2Q89XiuB5q4CfjBycr3kVeONIM0plxcqhvNckbcicJV\/JrJUajfW3F3ZFA8QjvfJykVgp6OKAIPXZNUHoSa3jNomftQSYqyBfMezehknXHShl6ZuQM+Lvb\/uVlinF17iXo2SvKnezJm3fj5cHaM4wuZjkDVCLAE\/Nyn58e9ksRwhD\/gK97rjgBNP1ml+iaYZj1YbBsIP0G755OxhWhcssAbTkI8hBniALaUqQLLPs72nFgtfIXuPTAuoXoMJT42ulwoxGs43\/GTmjksUYpRygFZP5B0dC11WQeR8PhWFcDRYGLV7beAlYwch7ld5nUdJC5mrDnIj419\/n346cz6AR7+0Rr1O5IOtvdQctvdWRZfPDcKiKYfWWWQsFX4uwaKZ7iAJIc3Lf2Hi65\/5WG2H6DXV2pbdFmOOEMbCE9vzIalbNO5yuH17ffgvNYeseN8QYcMc1RjXhkpanOQhCXFt4LROEa0cWaGgGU8KVcV0lHoP38Yqy9\/r9NNO4BBtoRTZYqyQ2KiKQOeL\/DjGmqmnMdtRKO3G2+28PYYcreNlQFUQC1YZRjis96nJONLOoYWGmJ0Ajkc88jEcPUWJ+sQ1Ellx00rNPIeTKszE7eeP1Wj7159+psV+5ymtU7Wt8kdIG49kp2vIgkZ9Wr8jWgezRdBIRoNkNszLOkziHLmtjo71cfnALRZTzE3WjtfCQAqXYkE67df0jceQto9+YJvgwPL7SKReSla4kC23BVgPVvhUiIRAomTXxQfxzJl60MjaMhKYx8sdY8yirN79hBVxNOKvYgeXSM9ea5v58WsOsjoz8vxu1i6IS+wpQDUJRL5+7QRTbXkU\/IgZJ2JwIpYJc0TbCcC+KyzLGP46kWX4\/BnWI6G+lC3q+tZ9lzQmQowB2OgB76ZZzVRvbALuU+R4sPYYq0cv634FKIpwY3EtlYdlCLWfp7ZlgIV62ujlYvHhZTRnGetjI9EyQMIK7XK1fm0YXedSc3g1l5p3dkHYgG0bAtbWa59V3\/IoYFT00HruXjbYzC5+RMiqTRk0M0TGZSrhfPeJjn02Zk7jMnppUxVbahEe2he8Uscmty4roTPIhZyQUTcLmzDMG3cPUpihzyQpbl0WSI0dX58QFWhZM7xH+JJmJ8yAAlZtScWFT+AUyElBRyoWx1bFwnu5cjcTiBOKcIA77CG8sc2sMV00Vn5xS5qVm32olnJkfc6ppnqNQxjiR9wVkT49+iYCtbdmX6IKyWQeVFgUqJQ5BvdNdt7w7dJUeuhPf3VRpEO\/JuTbLlvGkK\/mwXyq24LF3XMtkm5t69hBaSeNohEZao6QmYxZ+NYvxyXtLt2f77PL2m3kxOteUzIZiuV3nkbaSTk55VWkCshKS7HYDGARWAphsf+0I+2o6\/uoYI0UX5N6tebXNoxQAq6JRpkCJZ\/PM5xuxlj\/WGjyfe87wS7vqJ
a3nEKMo793Ew3S5oj8lEIMcctbFE7wTV1TjUaweZw+Z3iwk0WNd4mhDiOEObjosKaAJZJCKcwHWWPj3Pv6sHr9LXFpkSQghXzPF88XInFPHMmaNePQ5+SQ27ys1WSoLOzvUvoiLb3ySSw3OKanqLRonKV7Zpi0Ytvm7fQizCZ+5Ne\/y\/c1MIzQYpj0KO81JwrZo2y2Ztgzyet8\/H8T5HbkOQKczJbxrmsEvEXSl\/OZ3PT4cobEGmH79r1jJnga64YFXN1twHKTB5tOqayNYoY8HWJExA6ECQm2d8vIM6vU7wGAu00l0do6yKY07icxt6ZdPJ5cHBwXXmOf03M\/8KffX9hGO6Tv76sw1+cR37dJRviYmME\/l8otZxWSrf"}
00957{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739401864,"flow_last_seen":946739401922,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"thread_ts_msec":946739401922,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739401864,"flow_last_seen":946739401922,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"midstream":1,"thread_ts_msec":946739401922,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02088{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":946739401922,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1246,"pkt_l4_len":1212,"thread_ts_msec":946739401922,"pkt":"ZmZmZmZmRERERERECABFAATQLHpAADcGDIBf2OWZCgAAAQG7q3Ca7xUnRlOpxlAYAfU2WgAAHSeqZDGEXrFb+J1opG1dnPi4zgteeVslY9ZmFJlRTMTFOW+365tsM\/eWSLFN26wQY3yg0Y1FR+FA00qPga4\/wX0RoMfU+SI0dBiZB1tmIlqRr+vkKc2KX7jGL6yH9pbjNmGWfzy9B2zla2g4HVLW8pCqD27lbyw+DGZ\/hO2inmJfO0WMCDqHjCOm+F+BP64YRotqRni9BCcdPp\/FvRYRcX4k5KVXiCE2z69wUVsqPG1llKJj1CFH\/RsTm3g3KbtdQU0GjyNyQl2CDpurTyUPQ92fUKA\/X0cBMPJgzHC0dOP90IUWPM1DD3nsbrNmpz8lP9N79mRwF5LTOHbbfvAKtpN8hLwkt9ukwyBmXk8C+zmVLmgKdtBBeCiCgbaFL\/aA+J\/nNJ3jy0mYq5nUvVXTh2Z7\/bG7F7D15e+NHDTFMXBqoMonQB16IlIlFtAJa+1TB8nMDEieCqXSm2meI\/wkXXc32Srtv3AtM6vxPAOrV+x9rponJ6AacvE6\/cmUC4WCIDgujE5nGZYcMZSggbR9\/Kt6utpNlB5VFi1pEVrNaFZHw7aT6\/CtVG+zVSwvyQk0KhE6erbsuDtzZMxLvCtcsV6pPfC\/PRbO03YGJv8DK8LahvowpjPqbaymGAnYP9bBjmcj8Zybby5MtwMog5KW7YAI9rBYlENeM2Dy3vHARJIR5GB+j33qs5hvPkWTV3o9HKuDltN6e\/7cTcTid6DRvXmO1ZA7RcWnp1v9dX0nqCg+iwrqPJuk36pRQQSp3pYE1EAHLCzt3501t+KApLCxYzEbirRWptNyoeeEE5uOfBxYTM2WMleevobNDlfBM03M0aFglzGS3lCRV0yNWw\/ZBGahRO+XjHuBA+QxkBjzNIYvhBcDAwIZaqpl7KO\/aoS\/xaq63oePn\/l4wkgopi1lsaFYbJflvn5lJQcRSZHGqRIptAjGXWny5qRxC7sgGucrDoA5XZJpJ5rL1sQGrNBBnHYCcdhfkRgu0iYOklGG9xE+slZId49jcsAtWEU2I\/eEF\/gzGmcDoIKW9\/IU0pMNXTdWiWofVVPUZs\/Lb\/bN8htmbbfjLuBzEKhZpgveVlZPj5VXAuHEhXXk0ROaGAVglMZsxHsbdDUcKPQjQ9mHgMzqt\/SN4SKDhA1+9LRLSL4g\/ZmJxnsYsJZiPRXZLdaU9Cy+A4CQPYNfuO+XNekAtQHOOCFWcDjdfU7K6gPp+jdG+6zR71EFMeiGo9di5FuI+fsXGMjNiflcFg3\/oiEiQj+c+SXhXmg5cUUmZisM56tSTYoDbqV2I0clprpOcfYkTtT92I6EUzloL7npuW1zLxMXE7nwW5JzyWrlx3xaz6AAfotCwxm5ob\/ht48eMSnaGsDmVMmIKcAeXj9r\/Qgfm5ydj17A\/wWCVm\/7gADpBdFs4VTLiVB4jIonZRHnx0E40hyOWZIsEIEnMxJxrW8PkRcFDV5sXdcHtfh7iWchE466qSDTtK21gAz66LAGzIzDSi4jTfEAt1Sb
NYQ4BmQyjL19w9SMP8BzTvwsIFe6hnwpATT+7somRA\/Z26b4QEU5K1DZ7oOX\/WGJvzzyrIbd4MSiv77t6sgdhQ=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":946739402059,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739402059,"pkt":"REREREREZmZmZmZmCABFAAFFMVtAAH4GEoIKAAABLuPINt7iAbvHEJB+u++XVVAYAfa5DQAAFgMBARgBAAEUAwMZSog080zqV7Jj5Dvb3ndcTDVXiuYN2\/F4nl5oM8685CAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJ7aJCDYGU5kBdEWwbRqPCTJbp2+gk2aiKbS3L7SQcx7"}
00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":946739402097,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739402097,"pkt":"ZmZmZmZmRERERERECABFAAuAZpBAADcGGhIu48g2CgAAAQG73uK775dVxxCRm1AQAfXDSAAAFgMDAHoCAAB2AwMvYFLfcaEHo3aJMGXc3Nj5JHcSpejvVC+OlDWKY+lERSAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbRMCAAAuACsAAgMEADMAJAAdACCh186lBtHTNByoJBA0po27dnFNUREe5HIPKtcxu6S2dhQDAwABARcDAwAg9o2cPZarHTdrUnIxRn1VCbJHnvCJutGQQOHJwtgi\/RAXAwMOr0yaSOXTVxNy1MdOCL2l0VNtPnwh1Pur1Peod0tJjP9bgm\/AXbCeom1NL8K2T1J0dOI2RGuShy8YsyfJSw5Wmm071ESTozks9\/pWNhc8EY3OZk6mCQg3Q3y0vd4NtUzxexbQ\/ljBYll7ps6UiVrepG46JDr3EaPIsRJxAZ8gk2GaeDNtt7RJ53LkT05zfjvHMA6aBmH7t2BOZWkMQkrXRLmYtnSacXrlIzcJzUpGVRU0MO5jJX8g6q6PFhL59lDZu8Wsxk4Ijhyg4K8UnAjzRt0sqrXp6a0SqTxPZDzAPdhdwet3y+1QvN+aCu84nNSfCfN63IrHLSK6g6E3lem15SKv2YkiXF084ouwYBCBJXJ0DejPRccdH+Bp7CthOdZD9VLsoaB6QmK0BYE+B3JLwPXFYwO17RILfiGHekeCLv1KycofjSKkrY8yMabLa35ij5iLlwpIadsWJnwxXtZhNE88TO3LP+8rk3SThdBjlwIn02grC3P5DVdRHQUuYvIj+XumPYY4OniV3MWQD5oVffgmBaE\/MiLcfXRUvAgscquxip1c\/\/iyBNFRLF3RUPwBL5NcLPUAOiX8VC6qW6UmkIisNPyl59sHHQPhjQtTaV3HdBxVSxa+lXvafEDpCFPhfq7Z8DomnjFz314Mo2YICe+ZZ\/VP\/fu7\/DCzGaGMJt\/y8fB\/6C7VSPpretnL2mHkpzqNNsRNJHmpTbExTf\/W0z7d7eRfUyi4HRoWhN1u+9quMVSyao8SZFSb9c6pJV2Cpd+PDnrbNELHRV\/F65mKZXLF2SBEFyPK6XtRb+DOfMx0N6eOXr93S\/6+HvwSpArnHXm2qs+EDh7L5OyLbYX7hk\/pTg3eyPRsiU+T1VKMmTm3HYiEMmPROOISeM2PorfGczBqiAbHiPnaSSCDWzXHHee3yjPZXq9NGQADWivkdXNHAGorqs10ePRotp6azTgDg+3xjhiyUN8\/5\/JSc3Kyd9\/Y7eBwt2u3jJ0Ir1dMpZrh8Xytn\/oFEDmMRBapOHclfLOBBRZGJk+RA7J4ax9KIam6HVgRqufRZ7dV+VdgeVMjYSy4DQHs6oQV1dnsfERFBqYVQdJ93jWD1Gsdc8Pxx1qQ6tb7lnC4UqWJg2j4TF\/4asugxqLUp8iztI1CeTH4Reu1S6K\/rL+\/r1FEIu\/3a\/Pc+80qIi1Y87Z88cA68V6AnrKI\/jRFdeUnKaulroYDyincGpznQ32nbV7\/a8ufW3HqHzuY8Srdsdzg7OWNNr818v6m39ySIusJPgs
5uFC9xvx8R+dIpVEYzkh3Q2eeeMG9\/8K2vIPpbbOtWSl8S5FN+69DYbQxN3KXTRYnKAcgBhodqiyj+6scHhaFARQYGoblFVqgXvJu7mshFdDHwBCaC5uowdNEKy4yrw5ottXf3H2NCsu9qcfXXi\/z\/OosB\/qYdcOqltwSq\/80V+8Ge38CLLZRSG\/4XrYzdhVDiFWoHxmaBU5QDEtQZH3S5OWqN1YkEB+FuSwADN6wY1gWAHclaDt280QNrqehBd4CwSsxy7G0qCDy36MMZMs7kf2Vj2TgH2Ktlytg+thkxDKtjS\/3aeMtSmm43ddFCAwkHZueXWUvoZnXP444s3zmu+73i2ZuHERFPrHSjFT+Y1Mpgo0Q6tWu1ilCv3IprR0S6yOnEJ5GH5r1Gf8ZIpGpefh36oorDOpgHiyqyCCd2qxXI8dwpeWwmWx2f1fKIN+bOmeDA+2HTL5b\/h\/S8LxTnnbWVqrgwQxdpAQ1xCVDtsVFko7TfSsPQoikR1NXdGw35qIw15E77U92szex\/zyWrA\/2KGcD2M3u3eNzXjjgmkxW27iRaDVs9Dg00I8PXscfPuLziMbIIt+Qm0SfB\/SFf1ylBL4HammClVdC7YNhrs4NDTvUTrxAf\/9BLynvePRrZvNzUMjBT8JtlvsBmnasO+COXrGwGyL50S3HH+eTrpMH9LMnT\/2nWeiT7sDmyjA9eJmW05\/8DRI8uR2ignlELeQeE7ZYC8KKYreOyXVjuVJO8KRaBbSIU8dUGF\/ILBa6hey1v4zK5JU1MHXOVQdX1RkKit5IUXefBWJ4R0BtjoPPFwKYAfyrsAKBcQzvKsyota24c0cDVjMzge24BKry1Tqr123sw9sTncyGrJzrjJCAkeCEkQo\/KqOKmxNrr6CtJmmIByoS+EjVKjVpJBluAdt5s3qw9VBr\/A44f7M4XZ82OLHYLOdXuuY4Rgtek4oFOa\/eUNUqECm7Y6b272wQZRBWvplBYlD2RWyR8BI01QWkzD2WfZpeGCzTSL5ABcGznl3CTw+DF6WcoeJd6SbUQUUEPVBF4u3zdh9b1Jl9zNuwWauO57o6a9eFR5unb1g++tHtZoIerFI1gyMEkvujqSt\/jK8uIRkRYOGlslTd\/3gwipdTVXxsLWi2fDz9+hxgVNOGQx8\/XNWyG1F\/L1mjtzU1UBNgZmslQP0EHO4J0uMMhguKNrTksx3df79c\/0PdkBKYtPr+8Ipj\/SC3QYRzf0s53zKfkSiObQ\/sOVJpwMvMhEUZunN4GQG+WMzs5eDRzdpQVJe47jiYijmkgXFbUCq004yxOCosLJYnsGKuZDQyE0z4teBgJH8ZC2mVlhO8lAz8gPU5mm5pEBH0gFKqsINKjcIbhVPUHYBlhBeR1erIfe5hsNdbM\/YCyGrep30hH+qZ\/IBF\/s3j2eRJAN56DPG7eQXCsiZSBsk9PTgJ38fSGAbaH0pLxsq2c1CaH7DzSlA01ud99lTK4rI7nRSGX9tAnrwTrORIzDrntkMH1VggJmMFY3EGxAMzh1CUd24C\/NVxnQ9P5qmX0Sgg6uSgxO2c7COAq2edHC\/ucd7dmb9rLGiOGU7YGRxfXuPTU+xfVNmV8wvcxQY9WY3QcHJbT2Vz2Hldj+q9L+347LUl4d5nRCyZOpijGWSFFM5lFqup\/GoObWXXvMsTO9NawTXovnf4MnjeZczPg2FrW3tlX0uBW7P24cE4VNHjvnvHknCsLft2dOFPhwAUA7qVOuJixr0stgCN8eCmK\/n1WzppsTm55hMBmYIkE9rYwxrxXiN39LFT+j0SlpiMqf5n1b7aJjSjiQjm1\/T42XF5prhRwaxJyOBzS5a2w2BxZDhOvMuBRY6ZtDe+ptzu07\/eUIO\/cQq36LXuMCRYTHNEIXnWWtA0vjAcmq+EwSCLEygFwVxoPgN5h2qTp7SdJVushbBgsziLiKFyhenEAkjP4tYMg82
sWXtGvK2T4GbMrKF+OJsVll7gTGHENl+vuBtGryghKs2kRZov918dT+VWdywju+ew9zl+S0NiyZlvWu+CmHSGFpvtCqWMXNaXEERtmXJVFofSJ7ykCfNo49lq+tJOi\/mrPExexfpWVgisqVMvGukP+ZkhcE5Ck47mFMZqfJTRL364HqGaNbc7EKIab24NToEVrdLyvx+sQZXNXCyXhOVxnIWFgUdF0PMAFDvMwWrgJTufvZcx1q\/rK6GjKie1KAVcLQPkAeyb2aBh0GehIKRHB5OLWsjRXWSnC7RfnFW6K8cokr6NiSGrPTHJtZfW+014hI265qPA0R6qLZ3SkGPsU2l+ULOh8f4TsNZmRbk\/UzcCp9zJB2\/sAwMANTEmXxPw2yMWVIdXVMdzqrOV"}
00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739402059,"flow_last_seen":946739402097,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739402097,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00953{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739402059,"flow_last_seen":946739402097,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"midstream":1,"thread_ts_msec":946739402097,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":946739402097,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"thread_ts_msec":946739402097,"pkt":"ZmZmZmZmRERERERECABFAAWWZpJAADcGH\/ou48g2CgAAAQG73uK776KtxxCRm1AYAfUU3AAACNSc59sPW4OZKm6qSD7jsBvdulSTgK8LagzUdpT43FqU1TjbgFd6vr1YcfE0NFplErjVqY14Uy0e6vIiPxevgsH6OdIHZm6pvnG3NGQZr+Eawc3lwPRCg\/OYwfYOVATUQ+D48eMINi076ymhr9WarR1T\/muiarwvLXYV6Uhar7rOYnX1fnOldHU7V9Vf3n22jVlaRu9FvfUlIGCuR9DlhblioT6Pi7Xq+9B1pOrzTS3d2OyN7sMIE6PuhUF9VrXN4uLhsAemVKcWU2V+BGjWtfszG7hr7paN5M0A6WlSiJP5ugBdx739u3B3W1+KfLwVvbAx3Uf4RJvYnlmACvSx012Jhzer\/yuM4tk3QVpBdK\/jPEaTPWBaLG7GbcEgCr8Dd01cNEaknAYaE3S81foMCYQWnkCSEzXoXSN2X+GKzFZl0S1\/cEXQGO2yVQzWkPUMhh0gTbASy1MtoPkBs1VLmccZG6VMIanE\/Pd1\/AmN+44wbWDJ+AcIisgRr14kHkecxeo6qEPvRckWi1Y+MB43PdM38kIUuB4ny7fwppqpmv8DILGQ0779kEvzfVRiZrCYvFXu\/QOSUdvmxjdD6cpAlFDWsPq2Pc93te5jeGVaL0ejtHRLIxI7z\/Q501zSpx\/Cya9ypg5U1NAxSXKe10YJjCTWrmOYKmnYerWRan08XbdkvYLJUzjKsspm7dhtxg0E1f4GsSbQFVWwrs\/ZM+C5sBOiJWUOh2pogAFGGsfjjO9vzloRUIbA2Ux9PdhnCAwgsxjwIpMB0l+UdFEMsbPJQhlOxGEwe2dnsCm5A+xtqvz5mH9nbAz2uU5hDs7xBrPc+8iDApG3YcmB6tDQMRmVl4wND49H4\/Hb2EGewuCKV1\/lze0iB9RIgI9rfK\/5kPRVAptvZ2+Rek\/4ghlbEG+l+OpOmeFXbOF8BuB9O0sPArzn0gERY+1PqlX8USIY4KAapC8vGnRNqePUVgog6kgSCom8jkuyrzOHCdEM1CnPySLw7a\/tPZxODv2GVX+BkBTvdcEhFOjQ1TZSMjExVd8xloEm8\/FJ6+H0jkz8IvfKaJAX48951TiRuA57Va3CSiHx+djtV0dMa0UJnQcAEaubJWYUsRu7sYXVg8tQm7wgM9eerw0ql07SNc\/dHQUxeGfY6HDVaN4jlbWxp48tTf5vFa+VilGPTo45486GBOKU+5wyUckgVnRpF60eC3RcISu3IMve+0In4k9R88DIjvwS1SST04NZPv7f41CsbwoBIpKZKJAFU+NplzdS0BOyBcGgjEAzzOtpFJ7jXjBK8x1DEPVeN6HSSbNaiOV7VevW0oBjFRBvVLEmxy48HjBSY3QWjS+yqFN8Qy4bledb1fb4GI3oWPT+BRcDAwEZfpmEI\/d7cy4YyqdnKDwIn\/k3qXWNAj2sXjRKguMhqhlkOdUvzFkzzM0xeuvfwnq6QSn3NpKskeWNBR8K+ECaE3mhCxghdnhLIum9rgOMvkgnfyBTDAfYKNN\/d62vQY6u4rbxX
pDQk04FVnBPxSfPHXuC+oF8kMOU1++DK+ZoETlcuLrk2BRjjMQpK7pf+k1VI6pVnOclLhCXYHQjMUHZufh3HVG3mM7BF+lzB0K07EInEh+Ccp7LdqMGfKnUNXPWyokhcE9BzZJT2yWb8DylKWRWvZNetxzugclU9IhwHPPfcLEVBg0Fudoqm9ZGps0h7H+c6XIpsbql70txNRPE+wXofhHvkqNoGKLp9YrmmnKta0xlevWHOwMXAwMARTi1\/bQ1JQowGKIWBX\/iwQMAp\/a2d7gVFXnQQSu7gEMDkgFlDNq8l9T+VqanQcvXHm8wx\/TYqk2+tBPvp+6SO7GVVfwN5A=="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":946739603327,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739603327,"pkt":"REREREREZmZmZmZmCABFAAFFXkZAAKYGop0KAAABCQkJCsqGAbs6mTvywXrNXlAYAfbUBgAAFgMBARgBAAEUAwPEiPyvZDyiU8chFqn7v3nOV\/W\/daCFgBrWvLyeLgdOBSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHngAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIELSbbeQ+1Z\/PGkzWYpOrrGvdC\/XSIyiiMDimHGqOwN9"}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":946739603346,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3068,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3068,"pkt_l4_len":3034,"thread_ts_msec":946739603346,"pkt":"ZmZmZmZmRERERERECABFAAvuVbVAADsGC4YJCQkKCgAAAQG7yobBes1eOpk9D1AYAHferwAAFgMDAHoCAAB2AwPPxPF58rRx8NlAStddGtWmBxk0TsgFRMyjmLE2UJLzOSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHnhMCAAAuACsAAgMEADMAJAAdACAXimL6oC2BgKKkKv2GFQZ0YvKv9UBLIqQLjYesKsDOXxQDAwABARcDAwAgsv\/aMwoaVLJwBsdUrBspRDIe6WOUfDjyPvz9+wtEYK8XAwMKaJbt\/ye5NqlSM6\/tOfe9bC5ygGHuvTHGsEkug50mliwDXC+zbimuaXpevBCVc6v4emlocpuYSolXpHjPLZ5mH\/n\/Wwg\/zT8DKTys1phOBjndqMIJ26DAd1BULzfsS4\/LPzxUrBzIWvX6A2LKLmwvvolWTixlKxXTGAwoKmNpvOmmolp5p0KnP+05uqYpZwQr1eiVG4Jbxo4RKPp2m5qudj526IfaIUxv6TymwnkyKidb8KJ7fECEEmqDTEJYi3AMqq0F6jVWm4S\/Cw3xWxFHQLXfbhWl\/xQNbH7sQr1+VP1aT1KVnkPOnmrjsvXKtU37nhtNVagiwB4tTsa0XjgxO6nNrduMisjiP1kYOcjiQ52IvQ8yUcLxoVZvs66brT2XF4X+BUOjv0f2D+iKuSPPaodKDokIKfB3EFHwrxtXROObndCkt2l8uoO\/YFwn4AVaivPS7QA9y1ZB5oLifA+q5b\/fsbKJUohIzT23SgYvI1FZi9km+tWoalj+0eMzm2XcwysPa97vGSKpeXtbzhnBE6t0DL+SCNAkdyN9iZf+SkkYuc1rpy8H6FsnB0MNHcLT\/7h9UpysD4zCa5uCyld0qhDdV3MzU7a7heBLLZvpkeoMCMY0KW7Nghl3Tf2jMPhPpMXgWhDsiEqTDOOStqJ6ji5D3nXcz67NA7onASlOfxCYNM8r0u017+zZIe1OE+PpBYW8chi30ujo48vE+6Zr1LXdzMZq7SQ9KcvNds70bZNXXOxSMjMXLVZIXnbsRiW02iiUe4S1V8qA1xoY+tL3PM\/3KBP4ZSUn0i9oU0Zm0bhbtwOS\/9R3KZPgmCI+1g7zZ+sqsIKC0g2uvkEsdNIqhrXU224qW6xxP\/j7fBBrVPw5fuLCU7p8+Yh1Cpxk4zFmUhl0XbcAlqLu7rHI4fQoDUdIgemBLeSEl1+Y\/z6KYsqD8NYrgKAvSsbZ1H\/Vdb3V1ajFVEUtmvJbvjf\/83uaxbTgecYPCPp7fDTlwk8SSHepVo8KtWsduLEs3DxEjvauvr9rL7FbVuDjSA3SeEqhFhGtSYJioWjgprG3WdpQzYP52GvnOKwXu7vjaJad3BS\/DxKTEtPTMDE4Fp6cDirnN3wrVazuNyc6gO+xpNalCZ8Rd4w5DmHczo4DwVyfZ9Fxz7k2fB4TnNz9ILT10qjnOlN\/ksy+JVVDJTTX6v+Ua3SCh6Bynhcuz7SktArn4gMoxcY2E4z4hIcGQHNkb+py02aK7EHGVgPR74HZosi0lhtUl4dpwbcfDHkQU+oVloy53x
1IxuauA66S2qPneNDmRr8rKf9GU\/LJH2dezQ+WudmVZtgHXrLWtjuFmnH7eaBODVb8UwsA0Ge9wdJPfbyaGd7iLOv94vz10GXsEVy\/CXkZZhekrbvjToLvfDqaRAilCzMBHwybWhwwRUQsUh\/rPF7FXEJaXHA+eAZPWEuEetxByN3cFbJKFAiJ4IoKIRBIkGZxaTOcLn\/+XdFg3+W\/lMlmaqOUp903NihM97Rw4Bpqxex1vlYSLEh1ll9uJAf5iJVYMcmiqcaYXWfQOEXWR1wEE7wZE1+wo9+np3wP\/ty0jb3vy8+oqDWA8OdUjkdhqeUyfjZfa6t7pr4ITQpHLy0bNHsZ48wim0yu3Y7a6artue3kmQYcW2RckDOWxjAYg9ikO\/kwS062tZFHnT2VanvAd16qor00inyMS9VT8p\/085mt8kQkGSG0rip8q4xWZYbMFCfcEVkD4E5q7utpFEDkZ964uRE2Vw1PzBHn62rcmtvUqQaoGAFjFlHLMS40f9r+HKG7wRWTWQ29d16NsH+Xu0qXRhzWgjImijKWlv6KBGT1Cxynn\/KrehvF0361FyBUkJo1S1Ztxsubdf3ddeGeEr99d5oc\/xgpXMAl6ZIfUBPJjnOeC932\/TOOjMzG7PhOgunB+ggqQ5LQc0CX3c5BLlJtBtobycDsl7t\/eLrX\/bMfWq1dBy8SxYnEvGbNHrForDiuOA\/0lI3GVO62V5P1dM2BK8fdHneO0FhK969xszY4KacAP0CD5Aah0NJ2dzSGVZQtRmv\/TuFZlUQB3cFfHJYpNMU\/sn32bfB7GWJI2MhPEITiLal7HIPxgTikeJcDL13qUn7bk19T+rXcadCGiBoKDb40Dx6ogDfm4H0pA9C7OZJC0LRf01KZZRBjQs4x5ewT+p6+Og3SFrrTJ8ObJe\/TFocDQSMCBCWHQJqFicRtnWl4mmw+qTCsSoZQ\/ibkZFi+igS4TWV+31tPjazydJfOrW9xLZSgCilkMeJWYl8vH1ijLI+xCM8xxlQj5svlwHqvt+EkteECF3EKEt55AWpnRTNzzJivCSHy2gGPxW5UKKBkiSUoPFh0qyVjKN5HqDcW5MrFR2HpLqhuRbEXoannFiepiMp6aCVRMgYzvmQIyFH17\/3pokulHalnqX0gFQkjPqUPYf6B8\/o0H5LL0kahUiyL+d6BqSr8d42vsjYrpSfDaIcCW+FFGcj\/61Y6Fdihg57b1nq47mVWBJ9vcfq6xagmjwoJrNbwHaDS0XVSxL6y45zWrDfovrm0VvelVEdjwsn0FcoL6zZxDjjOt0EJP+OSVXcMeuY7uIG+KTnnHoV0vMvgMsIMiJbtYXgvda9zrqGty0FDqsOWmIdUCMf7t9LcgXTVP1POJeyDb0J4B38BTX3wUkWV7Ddf9ih9u7A\/m95uqIUbBJE2UeEbEEHif0BvcJl8E3UGeXVNiKRj7lxmplRVER7ystoW7OIAwNXC3MbNiwrjMNGlyZxeIZvGJIjHlQuApwLZsjzZzABT3\/zDbS43YjZzqyO21cEI3xf5DfWK6ZyU3Gjytb2PX5Te\/wOkKfusuGJNyYU73DNCw6\/IA2qWOmaw7\/mXzErXE2WxarQFcAU6el9VnuyWPJs57xlszen8XWYD0zQcAkiZ9pBOymEDFngWCP8+c+AEG42RtW8heXsNn6Oe2ZAWO\/0AXBzQr+rO1qlWDZzv3V7XELPKS49M71P\/6XXdYRKeCeHIn9vIc91j0OnL7GZzEPRVrpELGmw5rN7x6AqDoK3g\/LGcF47Fu59pwNqH3h40OLoshBk76izruGCqusL4Ms6YFarwUJkiUBlvhjjR7yHu721yX53PmlJXwCPueaRMxPhyJUl4AErQ3xPn5KAYXOjk3\/LnBLmSDl4f8PDkxmKUVaitsKqWvpl1TTX0fA2ZAqmTFey5ifEjBKLesy4caeyeCMEZZjMOhPX9MKfIEGous6lH
CaZSQQHUSMY1BTylXmW622\/10lQS8aN1mce++r7\/TAswiTbum59NRH+1WXDpTaq5aRBgs7Pc6pr4lABNwxmieRHx0ER8V5gmxNVB9ACpzjEkp28DmYAH1\/iiBQfjkW2oblAVhUqcezWZUUEbpTbTAEj81Dzg+Fe2EsJFV2MiLhqH0ZMEkKY9oMnGyGvqY11wK7Qf4HXmtakoM3CF+wPbb9he7ffoRbYXCwbxTcDrBSEJdjOMhsSClbW03C9LGM4s6RAprMpnuw2wArtlzcr4bo701pOupS\/tdL5NkaZ2ZzsCChcDAwBgOnNpVcvc5YFZ3YuA8YRoqsuLDn4GImAnVqFIX3IzoTnZe29KOqUXQC0V61jJdr5Jnb3k3MOCdTH2u+HBBkKmYvlFb8GpDbcgObm2pFs9vNSY1WNyfnlLuFSQCBkHWe0UFwMDAEV7D2ZJm3CG6uFedmkozBwacoDrnHkQN6RCxC8K2l8lcKCSu3Q0j3XFRWsykB64fgtOqxtlPlxXpmtKrFqiyWDCeX9Q+Jw="}
00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739603327,"flow_last_seen":946739603346,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":3299,"flow_avg_l4_payload_len":1649,"midstream":1,"thread_ts_msec":946739603346,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739603327,"flow_last_seen":946739603346,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":3299,"midstream":1,"thread_ts_msec":946739603346,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":946739603374,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739603374,"pkt":"REREREREZmZmZmZmCABFAAB4XkhAAKYGo2gKAAABCQkJCsqGAbs6mT0PwXrZJFAYAfXTOQAAFAMDAAEBFwMDAEXJf2y8xWhMhAZA2WXz9agwI9f91RKP49sWLlsKAqD2Anz18+mnUXeRrd7MefwrF\/wulkzvUzp\/PNHsE\/j94eCMWT0CzeI="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":946739661512,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739661512,"pkt":"REREREREZmZmZmZmCABFAAFFx6JAAK8GN2cKAAABuetRAa6gAbuz5lknlG0\/21AYAfbM4AAAFgMBARgBAAEUAwMfgFJ2Kafn6OC8bsQNsKFbNXsDyxgypaGgbuYoVgNdqiAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIIH2RRfX3PNaXYMOoXj3ynNGqfHChI6\/gAXerDGvzggi"}
00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":946739661535,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"thread_ts_msec":946739661535,"pkt":"ZmZmZmZmRERERERECABFAAxS7o9AADQGgG2561EBCgAAAQG7rqCUbT\/bs+ZaRFAYA+rX7QAAFgMDAHoCAAB2AwOIv9853ekbZoNmLmgcqNPyyS1j9KmZm6LL1EB3x+W+MyAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3BMCAAAuACsAAgMEADMAJAAdACD6x6OWYowjGpQ7hpL1\/XAvKAPz7Qey4KV7v02zhqXZdBQDAwABARcDAwAgyc0HM+W8H8TE3DEJWTZrLIbavzRZjtX85L8RdcWlDvUXAwMKE3Ep4ySuvwn1mgGngq567huqNt4kq0krhrI\/h93Xu5m86O9X2PLgikjAQ\/f9b0D4TlJnxV9cGU04GfVlCuVdBuDl1OIowNDzv97yB1hnS\/nmnSeVxy1F8D7\/C2lvCqf2cxAVE09ueyG1Z8bXZ2QECTYKbWaJhHhH3grXMLxM9TK7dwfYp5ry3mgBLj8Im1sBBtK1ijR5DOPlXD4i38GWBdXuEFX66BB\/RJoRwVEIncNbQelSZeCqjUb3u++TUwMNQylDBUpnEAe47WxBvCiB3j4t00aQSmqM0TAluU8dwn7tiUiJEwAYZgDG8XeCA2d8CwkyaaNUs0P3Rp5Ub77dFKLlWkM7Ox84gnAyRhVMHCmMumYMkWKlAivuj\/eXgWwWByB6smKGxdGHvMorcYTbQq9mZYmNNNkDPDaVaw5533PFvpx4ba99q1b36RpLWXBUvp3e8mh0pBow5UcR930tP8k9y3Mp\/Hul\/USMW6fOtKvrODulyByiQtZSjqe6z4\/9jz9br68\/R0pBmxYIdiwDh9sAHDejB9VSYvk7ssbBQpn+Jgwnz6Ryy+sDgPoInVRafSLVQ2XaqYm5f6C0Jwzhr6UtNZ4\/zNTcpzOWnfrCB0SA4OuUkh\/XzE\/16DFk8ZQDliBoueyPhn8cEizoLe43IQ4BRx1FGhFopJsvL2cINLJIZh8DTM\/8W7f\/ASccXTbKN3NreGL2zPJ9HkyArzmAuS0H6AWBUpZyjU0X4LPypLaoIp74s3Z6LMGrDv+Q9HPcSM3AsvYaPpVMikXZgrncjZjmSO3nKjVK7tuPHzmBxV2ASbUY9dkYy7qS1LbwD5HCaZkMJLquTC43\/zrZa9Cf+VJlQO+7\/bTkI19jV7MBsNxvCJS3vho32OcNSgskst5WCDisQYxOEJ7yIiJ4Qj131r3komITCdIi6sfPNECBD925ao9iSOw1a3NghVbKi1Ke9+osy6p4OIfl7R\/jJIRkFpjTHB9lrhuKyd3x90HahF\/Bgrc+0OPDW3df50BV25QUTv0YHg583iZZwuimhgpeeN8oRbZn4Oz1sb61wMILMVA1YkIFgELm6QWH0EjBDa5PcdPXwcXSRAXJR2\/zX8giHU9oVoqfNaIjA+SmyaolS9o0C9Gxx9xhkTFg+SAbN3Goh5osUJrTzgif84rF3v\/clkf8\/ZhPyDROa9H0yWh+TK3VY9NLRXxv12lS5FZMqutTNAtmppSaz1n5imbXVp1Da9\/rGuGJgyHbUPRjpcY\/qQ4nrdYPUt0lBpjbxywR
21B5bH94VrAutoZgT1NlpA1fjy8uX6CC\/PzzpWgwoLz2\/ah06JLAEuj5ndY\/3P\/Cea86JZSQRIAOkxHfXLLrlrueGx1dvDahl9VAk02WVblMiy86oo72YX2jdNNf7IRMOaPtI08s6slCfPDpn3bANNyLKCX6T8oskMhdiK\/HIjCb1KyAdgQ2+yLvi3d+MuMeWmC07amcrbn+OTYQQNPWx6i\/o5VJfAp896EdOSd0n7JnPYzTA1M2RyiA5D2thGuZ18x5oW4andkKefpZLKocbhraKqdRDR2qHe1UOjP7ac97YdAdmgxzkuJnD41fZ8SEi5Zg3NfdmEEfpkvRjC5orTLd0fIsx5c1+XLU\/R3b4bQM96DkiRuZJ1NUlIhf9JvTA7QhsNS9Evhm+KxSrzo4fPncRHMt8lm5+VkFq5jZsS\/4aS9tmtMGO7fcr\/LpSveCPtAloCQrU+vhpaXaC4\/SCuRji5PdK182R618OsLro46yH5FqoSw3EFuupxW4KHdDcJyAmbvTP3RLz1SxCnflYoAqTczyrDRGBg9\/VwVoEVI1F90s2UJwdF3wAnZAvtsFo0aX7P\/QLLigT0+21EtehOsx99nALYpQP+Wes4pdBUuuM1hrGs4phO3GFIyYVSCdORl3bwKcDgUn6jxeA5jLALqAkUQz6oQZAw+UAmaFT7liB5ZMHspe2Nk5qb3bDaj1FmXHIWt\/85M5M02qebtth3yNCkr6Yp8QH7DkvUBEcBvugZfGdO8uohym\/eNU58r4tZ+dX\/tuHtfYu\/HTthyF6zJIA5NCwZI8ZPOa0Ik2ZVHuDdccBZzRFIr6iS6N658h5UD2w34\/Zc25OfWHIIyNU8f8\/IYCk9XVJNve0Okk42KtkEZEvU5b0G1QgC8PnK8r+XSR+vGYlx30IHhP0Drstay6UqCpdjb38zyt16Qx9KI1K78\/2x0ZLR7g9lNe5aJSm2DGdBsBLk1r5a74FD95UK8Adgld6WS3J1isO2nKe9Xs1y3yG0BHL6PVzcVJ6xLZkhyj81HERDbvsw89dCQ0RJq5YmEae+boIDnKyAnLYzUgmbMRlc1g8JOgQmr6\/NRcNQVzPj9Tmr7h+4nauDzZ0EwSB6bpnhekE6zTzsN8ksFy6WPV1V2TWaFMCxIJpm4tqxJloTCvFyT3CBtW57hPqqD33WSzMFQ4mYuH5Kgu\/JydyuTxbX33iR4YxYd7QhqiqEqf7Z40jPc99ZwAIj52PTzQ7U+ojkqP4MuUynWiVDvS\/8M2\/Vvth6PA4ClC+NG9V0jqT2CwEy0LU0ERe0qEd656+zZx\/fgC3xfIuWV0svyqgeH7U8anrlDCpp7N40O2SWqb3L3JMSf4o49g5Y7jySS1fW2+m5VjaQqCccoq+\/wn0QIhjH7Xd2oER1gcyADsjGJt5aqBudWst9NAdC7\/E6mgwXOhZmtXb1lcPmN1A3ldDXRkgXTncFzTkiGIgqqygowkLd1h\/u0K8p6hXN6SporJbwLrTenWrNDIG63gFBLm2D7U+S642eghPumVgo7B1N6elGvUpSDX3m8qB6zRisoSKoWKWO5xgUo0OWMndotDAaZPAq3bhL2Pxzdl9WOKnnP6NOK4+F4BC3OgZgYIEUhrknbM3wBtdHfsfGuj0RFj5lNw2AlFe8pNBDRkjYdmUdc0f\/vnWwnfo22NWKX1BdiVu7196lmWb3TQ4gFhlK81yNy7eFJuFbgrYZ5PUlfjIwTDgxIXshraxns8270zwqor2u3QZYQoN4I1EUcEja7lh2qdAWxfca\/zxpKtNeCFUm8zfvAy2hjwmAqVnw7n4Et+Xyf9ksFEQ4\/qzsOHpBM0zGs5xxH5dXSgC84hPug8TuHm5XeS02QK5ivwcMFrRGIBts0M6ytr6tm6t5af5Z2U58e0QlvyTSXCPiJUK3gUQUYViS\/IjXLR2ycg4306mXwXdbQ8v7MG8Jbo+42mtOwsAND+0
1bl1fOhl5IjO\/hKWjGNBJndlQaRfYzoY1bNcjrUVpsWniWOjJBYJ9yapHVp6DQ0QxTAp4enh41yjjXkuC9cO0IfBYAr0q3doev3F6MDmfD3QC30o0nnTuJKglBmQmNqmFF98Ioa6LYtVQSVj9fT7Jq0Jj7\/w6McuInFQUSdd3NIs7zDF4f1McMigXXd3svv1byyFwMDARmEZ3FvSkJXAws42ybGrYb\/Ga9WUTit+emudCQdO3qxSLRL9Xz90Zj\/0AIfatwlfnnVgLFc5QxTIdMvpyCnIjSAcDaEJvu6yM03S3K45PurYyNI6VNrD8T3C7JZ2oGRKr9xNDuiMdmtC9\/9YGpIp8JcXSnnpIql+dalqpwG9n50trcQI0C4J+hm1Yu6USN4wzVC+tr3gsW6PyyDAAs17vVbo+Scs5p00FZ1o\/rHfMtLfFwh8MAYWoGvtptGh9N2zS+PrJ1tBcSPIWnstLtsnAnrYxfC9FGgvCH\/DigiWfhGZwyoa504FzWxS6CzOvDPhsC522yXw\/\/MDJuJbpdH1g+oBnB701N1aymW+zBchXMoA1YOfcUScPREsxcDAwBF82UTEIbXenVn7eF73krbJp8pjxkB3FH+h3306Rr5JIHM3AbirkPdWnHupm94YxIhIDqYUbC9YcWD3w0dLlmwNJiAVT\/+"}
00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739661512,"flow_last_seen":946739661535,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"thread_ts_msec":946739661535,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739661512,"flow_last_seen":946739661535,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"midstream":1,"thread_ts_msec":946739661535,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":946739661537,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739661537,"pkt":"REREREREZmZmZmZmCABFAAB4x6RAAK8GODIKAAABuetRAa6gAbuz5lpElG1MBVAYAfXMEwAAFAMDAAEBFwMDAEU4SkGRhTVOzjkja1xO2w+N\/vz+OkRmcdhLqaqpXQNb6A6SRcM4Xi9F7CyJ7zWjY541e0wZEZOfbwCMOI4VGHKGlHVB\/Ow="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":946739879619,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739879619,"pkt":"REREREREZmZmZmZmCABFAAFIcKVAAGQGIToKAAAB0frxGYueAbsFpAMoj2Q4kFAYAfaFCwAAFgMBARsBAAEXAwNRmx2nSkx+6m6KcnM1jGr2d9+E6hEUWeU+Rct80JF14yBFUW7fbN2m28L3JLX9K8uSgoBCeEP2oBBIn6aFnchRZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILzmWxHpwarRt4Ej829OBgtUnpC5uzX3e58yGu+riJtB"}
00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":946739879647,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"thread_ts_msec":946739879647,"pkt":"ZmZmZmZmRERERERECABFAAgoIhBAADcGle\/R+vEZCgAAAQG7i56PZDiQBaQESFAYAfWL6wAAFgMDAGYCAABiAwOvuIoBv9aLdY9+pRuVYLTvaIEBB5j8JJqoUP\/T+o4DJyAaq0H4FgIYS60khmCU6D9TGVas7XFToGUgExNzFU9aPcAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAA
AAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="}
00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"thread_ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00972{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"midstream":1,"thread_ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":946739879647,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"thread_ts_msec":946739879647,"pkt":"ZmZmZmZmRERERERECABFAAXxIhJAADcGmCTR+vEZCgAAAQG7i56PZECQBaQESFAYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/h
FMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIKQoxhH\/Z4NdCHDs7qK8wmGbCtHgbBpAtyYYPJoz0BNpCAQBAI2s5yjtMrI9QJNozqSEdCsumaSKt\/QNxoJ5PFMWs10MAWl+5CjGLSlpjhytuQkP602gJ28TSQHyyO39DQ2pHRZ1MjKiwLUGQnSrx7B1qsIRx8U65WEhaQ\/Oefjv8VGGg2Nnh0hcGrHjYUxlGavnUge+GnGDrvgzWTdBb6fu\/ASgdFWYo\/L\/cx\/DQSF7KqdfFLYtqS\/mVGjCi+aU3DGzfokfH8gTddjOpZA9DbKNE5R+fiOUj+uHJsETXL1+AHkZ1DyEVNTPTtlzClPqiVFZoiQLHaM5Rks\/r\/SATzjVrNW7MyikygwLvRY4rKK4uz5N88k\/vqkRvVB4EA04vef95bIWAwMABA4AAAA="}
01301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"thread_ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739400702,"flow_last_seen":946739407673,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":5567,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":946739312203,"flow_last_seen":946739327905,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":5116,"flow_avg_l4_payload_len":232,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":946739879619,"flow_last_seen":946739888204,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":4885,"flow_avg_l4_payload_len":348,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739389936,"flow_last_seen":946739420902,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":6677,"flow_avg_l4_payload_len":333,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739390933,"flow_last_seen":946739421078,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":5324,"flow_avg_l4_payload_len":332,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311566,"flow_last_seen":946739327918,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6429,"flow_avg_l4_payload_len":378,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739336955,"flow_last_seen":946739364937,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5781,"flow_avg_l4_payload_len":385,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739378577,"flow_last_seen":946739410674,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":5076,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739305650,"flow_last_seen":946739328075,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2194,"flow_tot_l4_payload_len":5876,"flow_avg_l4_payload_len":367,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739304846,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":6025,"flow_avg_l4_payload_len":354,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":946739310980,"flow_last_seen":946739321153,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":5652,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739317842,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5992,"flow_avg_l4_payload_len":399,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739402059,"flow_last_seen":946739432187,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6475,"flow_avg_l4_payload_len":380,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739354159,"flow_last_seen":946739364932,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":5263,"flow_avg_l4_payload_len":328,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739380697,"flow_last_seen":946739410804,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":5244,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739400581,"flow_last_seen":946739430677,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5345,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739400294,"flow_last_seen":946739430460,"flow_idle_time":7580000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5037,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":946739661512,"flow_last_seen":946739691599,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":4770,"flow_avg_l4_payload_len":366,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739374011,"flow_last_seen":946739404206,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":5512,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311335,"flow_last_seen":946739327906,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1562,"flow_tot_l4_payload_len":5128,"flow_avg_l4_payload_len":301,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946739603327,"flow_last_seen":946739633413,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":4605,"flow_avg_l4_payload_len":383,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739401864,"flow_last_seen":946739432023,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6872,"flow_avg_l4_payload_len":381,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739311703,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5538,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":946739378281,"flow_last_seen":946739408545,"flow_idle_time":7580000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739385090,"flow_last_seen":946739415188,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":5274,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":946739380870,"flow_last_seen":946739411017,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":221,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739298533,"flow_last_seen":946739298798,"flow_idle_time":7580000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":769,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739299058,"flow_last_seen":946739299326,"flow_idle_time":7580000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3075,"flow_avg_l4_payload_len":768,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":946739348407,"flow_last_seen":946739365024,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739310588,"flow_last_seen":946739327990,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946739304432,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":8183,"flow_avg_l4_payload_len":272,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739385216,"flow_last_seen":946739415379,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4699,"flow_avg_l4_payload_len":261,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739348961,"flow_last_seen":946739364914,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5460,"flow_avg_l4_payload_len":364,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739305016,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5516,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
01305{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"midstream":1,"thread_ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":946739400702,"flow_last_seen":946739407673,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":5567,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":12,"flow_first_seen":946739312203,"flow_last_seen":946739327905,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":5116,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946739879619,"flow_last_seen":946739888204,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":4885,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":946739389936,"flow_last_seen":946739420902,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":6677,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":946739390933,"flow_last_seen":946739421078,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":5324,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":946739311566,"flow_last_seen":946739327918,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6429,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":946739336955,"flow_last_seen":946739364937,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5781,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":946739378577,"flow_last_seen":946739410674,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":5076,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":946739305650,"flow_last_seen":946739328075,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2194,"flow_tot_l4_payload_len":5876,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":946739304846,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":6025,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":13,"flow_first_seen":946739310980,"flow_last_seen":946739321153,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":5652,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":946739317842,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5992,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":946739402059,"flow_last_seen":946739432187,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6475,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":946739354159,"flow_last_seen":946739364932,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":5263,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":946739380697,"flow_last_seen":946739410804,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":5244,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":946739400581,"flow_last_seen":946739430677,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5345,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":946739400294,"flow_last_seen":946739430460,"flow_idle_time":7580000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5037,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":946739661512,"flow_last_seen":946739691599,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":4770,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":946739374011,"flow_last_seen":946739404206,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":5512,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":946739311335,"flow_last_seen":946739327906,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1562,"flow_tot_l4_payload_len":5128,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":946739603327,"flow_last_seen":946739633413,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":4605,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":946739401864,"flow_last_seen":946739432023,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6872,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":946739311703,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5538,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":946739378281,"flow_last_seen":946739408545,"flow_idle_time":7580000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6534,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":946739385090,"flow_last_seen":946739415188,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":5274,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":12,"flow_first_seen":946739380870,"flow_last_seen":946739411017,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4647,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946739298533,"flow_last_seen":946739298798,"flow_idle_time":7580000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3077,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946739299058,"flow_last_seen":946739299326,"flow_idle_time":7580000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3075,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":946739348407,"flow_last_seen":946739365024,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":5364,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":946739310588,"flow_last_seen":946739327990,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":5402,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":946739304432,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":8183,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":946739385216,"flow_last_seen":946739415379,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4699,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":946739348961,"flow_last_seen":946739364914,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5460,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":946739305016,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5516,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00573{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","packets-captured":577,"packets-processed":577,"total-skipped-flows":0,"total-l4-payload-len":185420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":243,"global_ts_msec":946739888204}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 577/577
@@ -249,8 +249,8 @@
~~ total active/idle flows...: 34/34
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6201302 bytes
~~ total memory freed........: 6201302 bytes
~~ total memory allocated....: 6201574 bytes
~~ total memory freed........: 6201574 bytes
~~ total allocations/frees...: 121723/121723
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 470 chars


@@ -1,20 +1,20 @@
00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946760521313}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946760521313,"flow_last_seen":946760521313,"flow_idle_time":200000,"flow_min_l4_payload_len":1088,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":1088,"midstream":0,"thread_ts_msec":946760521313,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946760521313,"flow_last_seen":946760521313,"flow_idle_time":200000,"flow_min_l4_payload_len":1088,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1088,"midstream":0,"thread_ts_msec":946760521313,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946760521313,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1130,"pkt_l4_len":1096,"thread_ts_msec":946760521313,"pkt":"AABeAAEK6qmpVXFVCABFAARcbhBAALERNCZ\/AAABfwAAApb6FOkESCe048PqxHAbR9XexWcgBKkL3kOeOPWTE2vKv7G3b+NOW862Bvwb1rheRQpQUH1mr6e8OCu\/fibn8cYTAvsRcNZA8\/lTdO1zXx64xZvGw9jDVohyuD42K8UoR60NkNdqxmDm0qVliFWXizmljTn2lD7CTHoYDdzqjjkHmHHUYe7NejwHo7UzJLYj4uUoMZ5OBbpbxqfekl3zx\/Y\/4Zdyfk6\/03lvMbG9F2W\/akMw4XwHvq2g20\/z7ROpAn9pbnoIPgkT0bVLMUloa6KCu+fPabNALYQCzXjw1dWf3V3HgmcswkwsHKRU4IqCA\/69xcDmnZfgajXBSpNTdHGZU3HrpU7Y+zKoXZQEmeLc30bXeW5a9kf14ALJr7nP37xAYcN4G1BzEhKbbjiDg1A8CDSXiipFooV7yrAiiDZFfq27wAKZRhDngTzeslBwu2i9MUBFZfRNYKakWYXb0zhir5\/O29uGdH+oix0VAlOhQ1zI2Iy777Cmv9swWs1wCBkrJE\/94M4tHF8XTS+kICmBd4\/\/oCbnlEOyxgE0tpl\/nt7We2odNwl1bEewLva0FOnwrRvhVpfaOoXJc9u0J1yVggsuxaSQHVALa0pkLJp+\/KL1C5ympFZjeFktaMfNQOPv5Z3ESCDKvkHzBBiVXNmZyBQJjVm8OJ2VxCOFxQRcEAfIQp56nl1CI6spURDZCsZVp2WuwyXhdsymxVlmsZMvMariZ7h1rbuSEhdHqejvERJd+oAjcCDcUCZYn75DUrNO01fMsDJFP9eRjUktxwy4\/sGlfHHZsXsBQsVS+zNosEiqeQlMFWbk\/CQC\/Iy+m8JNr48sNXZTfXlgESJMZXIJGI3ZhFWluGHRiSLjWQPEgvt0+8gtmgy\/Sb56ZYrX4M7I0sBjqZhkP6vZD63SReYDlzFMUXd7hqpdFD+DjTIU374ZDUKtowMci+TNbopqyz97shtgi2xwOH9hFddB1RkG4yQjJkESvH+dEwGDhiyuqu1jbA0SFR8P5u+YYRQ+42CE\/iBU+jTsoOwxLsuWVcddU3vstbXn6rqxHgTXYGQFfuQtZFvSdKWnmTw8z9w8zndi+uHY\/vuoYXfx78owiiwhQhGyfvFoeyz6rWetZHRBw8zdBPggojOpslDYBovfLfe36dR5k4GtMpkpWYRt2em7VCMyF\/XbQIJEmhp+Ako20cMzqWuCfInK3G1X2JqV5rUe\/hqwd4JCyxrYqNuTc0r7m\/tXkqg9Pt8Nefpg\/ArWfvW+92iTAzlNVO3aq1ykTtQZiIeO81hVzagjUmsfI9nbIftuGPqsEIReSMuv5dWv6UgqYAe4C\/Xx87KHRwvxYrw2wdoQQVmttjR1\/zLAosSHz6yXxjq3yFjyK9Klg3OqBxrG0xMTunO9JWWEVDj8mxnhWJ808mUKd\/9SGzIWV6hSgWaIDqMtm18GCQPG3sT0f23Y6zC5qmo="}
00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946760521327,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":946760521327,"pkt":"6qmpVXFVLGv1oHfACABFAAEMLuFAADYR8aV\/AAACfwAAARTplvoA+BE2cjZmbnZXajgKUFB9Zq+nvDgrv35wwPFkkokFr1FaigO8H+CEw9XZ9v94iKYdvhofH7\/r0T3rultZ9ZuMYw63KPKpYNyj1i2Vz2KxAnu1y9OcbN8hOMoWFrn1y\/BrWeycOMWNW\/UytoGW9Utt69PEyNka4RcvHRab4iJ\/YjjMR75dgU4mnlrydsdtgAPjXq8XLISW7\/42LpWK7O03ro1N2Q0h\/PZQAkZ8Yr116m7rrS+wia4dqoRvx+npPzTL2uTXQZk6coE4bD7nXs83zCQTiFsawPIKEo\/Czq95ZoX+83ElbKp2Lf2x5F0tvUmYWWas"}
00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946760521313,"flow_last_seen":946760521327,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1328,"flow_avg_l4_payload_len":664,"midstream":0,"thread_ts_msec":946760521327,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946760605202,"flow_last_seen":946760605202,"flow_idle_time":200000,"flow_min_l4_payload_len":1088,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":1088,"midstream":0,"thread_ts_msec":946760605202,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760521313,"flow_last_seen":946760521327,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1328,"midstream":0,"thread_ts_msec":946760521327,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946760605202,"flow_last_seen":946760605202,"flow_idle_time":200000,"flow_min_l4_payload_len":1088,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1088,"midstream":0,"thread_ts_msec":946760605202,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01903{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946760605202,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1130,"pkt_l4_len":1096,"thread_ts_msec":946760605202,"pkt":"AABeAAEK6qmpVXFVCABFAARcltdAALMRCV9\/AAABfwAAAqeDFOkESCe048PqxHAbR9XexWcgBKkL3kOeOPWTE2vKv7G3b+NOW862Bvwb1rheRfk4LvVMuzYHCM64aFNA6T05d8hUdeyA7alWJw86lEbUjUkUtbT59kH5jmUMy6TBNbA9cSZ8ylHF4RX6cVC46FgRWMG7UkBiuIGCYSDYj0qQHCgV\/uKPkd7y7W+9OzpH8mUK0FHIW++OejSvieZlNNJ7hSMqQWE6z3iyVzPN5bD2KljIJn1iUmfgz+QxSJuRx84RGS6ZLYT438yRBqXYq0Vwk3xAT2MdCKiMuYMGqjTyP8B2grnXj9xxXxku1yj6OtSn3nAOQMgpYIcCjgnWS0cRJegnnM5D0O11ZfcQB4Fewco0pEjSFK7kZnpZjtiHj5j7TxqMO4Vn4k86uxQk9GVEN2zODOYc\/yyQRJRQS1vdmwbB8pH1RY9RWIX7c72Uu8J9lT3tB12jgWk7JcvRj3kqUYiVaVTscNevFtQUPd0pSnuajXrJ+hzFBHsYRtQDq\/qTDyuwyCgb8nIkKE96dBEolcLL26\/EMH1RIcplKkl5QSamD4VBOpG8DQ1KIQd5gIQLhlPX6KKqy7L6Do2tx+7dCgtxx1E2Br5zMvuZ\/kHhX+MLJOr0\/iwBeAlPpj1PTcK\/rpOP\/M9aijTDmpjKLIyWYcCRi4HhnB137njSA378aWCbFQ7RmeSIy0aQhzqFaa24Ofa5nIsMouRW4f5GlNLyfxNzMEVOgMupxFBG2voNdFKwsRoKeLkMj7WOY2inFYOw5ZlvlEm8+KlPFlfAPPRaFc4wviLsHB1h5n0OE+4RJNAOIIQjqzgIlOSM8Nf6u6nK9U3brOit1rLsoNbz0kdvgGrYF8iE222nQnizwIIprECi+YiIB1JohhQC2SZBXTJZi6nmVjvNp1U7QtnqJmCDfn5dkvToJTtLdfNYaPdwYRqh9PCxdqOx4DZSEWB8Mcmvv2RlvIDRk4YB8sEcsvl8H3KjJrRLlS2VHOyhoRF4eQShnYQaWWTTPhLW1WnZkJv3V+hfXyWkKSlLqRNpdP6XlsM5ekn2bbYMJyF9X1PMYbcE30O7Cu2G1r8dj6Q3hhF0SdQ5eGuZYgYWN9RTyONhRRMvxQMrb9jKfwKGrdQlTE6utG21dom5hBW5JyJ8gXtHSffRdH1zebg16GOd\/Kdg8neHvERpHgJtjc6onWBEeYVMSOIgY3FsrOPw8Z+8m14x9gAOfHtLW669SkRJ\/5Oy1nHFue3eMdLOD17GsJC9ipo8Nt7h+s4mrZ48orMsFI5zdxcpuO5qIX7Jeo5cM7okkhYTz8e15mkxVdno5gBtUAf8t\/L2X1vjjlcGsVoQKrJmRP1jJTumUkNQcgjkM9fu5JPFOO495nbtE9aMELyNvGpZMayoVzo0osCoDkba4s3ZTHe2irNjakWpfqIdatMniQsiKVkXUcZgJzdhkXaFhlfKxLQ3rNM="}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946760605216,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":946760605216,"pkt":"6qmpVXFVLGv1oHfACABFAADMP0VAADYR4YF\/AAACfwAAARTpp4MAuJEqcjZmbnZXajj5OC71TLs2BwjOuGgg3QrBP5tprFLasOGCi79PkXAdV2PVq+xNqpM\/kysCzgq0+LOYozLThXw1WZc0FtoVVEapHJrtR+84oNppbLRDK7JMS7PVvGlgxZODr7UkO1B\/D0uRd283CHNw\/vIL9BRqAsong3oxZiw5zr2Y3a2cdTof4h\/tWWCDrx7A7RBVG\/GNrFPjnEGOMX+8J1XSUzpJoAL2W7tia8a8E6E="}
00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946760605202,"flow_last_seen":946760605216,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1264,"flow_avg_l4_payload_len":632,"midstream":0,"thread_ts_msec":946760605216,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946760605285,"flow_last_seen":946760605285,"flow_idle_time":200000,"flow_min_l4_payload_len":1088,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":1088,"midstream":0,"thread_ts_msec":946760605285,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760605202,"flow_last_seen":946760605216,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1264,"midstream":0,"thread_ts_msec":946760605216,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946760605285,"flow_last_seen":946760605285,"flow_idle_time":200000,"flow_min_l4_payload_len":1088,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1088,"midstream":0,"thread_ts_msec":946760605285,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946760605285,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1130,"pkt_l4_len":1096,"thread_ts_msec":946760605285,"pkt":"AABeAAEK6qmpVXFVCABFAARclutAALMRCUt\/AAABfwAAAsbNFOkESCe048PqxHAbR9XexWcgBKkL3kOeOPWTE2vKv7G3b+NOW862Bvwb1rheRQw0qtTPgEfkm2BM74ld5CA+W62jGSnjSdoiN3bn9c9nxUkSoDVOuV\/3s7ElHCemxe0UkD1LvUy8p8mkYiyJByZqh\/TL+tyM9BYbJLyKl4eVVVUmkWzlIkQ8\/WuhnpFa3Pnl4FCof4Z1AFcjqWHjHTbQ00s\/sO6ObqcqEHiFQ3+hFKPz9bBRBZWfeqEU3hWWN4OunVcVjBVIH+oyNnf9Ldqyao3Hv1uVLcFryZLWtSTQ+TUZP7RHtGoj4axNiM4Sz7wu2+uP+AibNzkF1m9ssUSp2rQ7tNTH+uxSW1kUeR+13R3ypCAFwJqw\/VTXgzMfvcjuBPHrlpMxG36nZL\/+zwmhxqACloTIurY1g7wfxGufh02FIVF4K+Jc183KeSLvKymakWl1jrazrxgKDGwzCmkm\/qXsOyxoyVo59boGN73vaAXF8yLnk\/4vNz04JxTScUka4TOHKUXW8ZZ543tFdfRvtM2NKx84KnERvuwI\/uotbd04NQpoVtEiRRZMADKfart6vq32P23lHeY6n+mIbu2PA0gvFaxx5jWM3JmDKSD0o30ViNPe03NlnYSlQiW5FJ\/53xHptvxGrdm48kY+bJUL4BJa9O5+PfC0wB2a+yNdgtZ8d2Ojegp\/kYc3D4fTqTKjslUMThhuPbtzJcJR7XXfKIBDV5cnnDp7d+CI2Oar3wr\/zAoz9VHG24IjueUhl9sB9wO4qD\/KiPSpxNze8cwgJ24e6LGZ2e3Ay\/9kJIVk41uXqrdi54bVgXRXtvYhvorxpHXFV0LMZL2KCV8o9YlluRovDnaKb2GjLy3\/KKvuxcfe8RkRT3HoRtfYQolh6A5Hcjo\/jY6K8WK9AYDN4oGnBq2Zj4\/\/kX6Io7WhFljPtCYlDuu6c2DaooeLWfDA4aiTOcgajr55j+xPLf7QCmTIPnSNaljtC8eAv2zKtaHTOxfqBnVS2qgCianNYsfZKJnMugiHwOoaiJRwFh7pRkLQHsaRmUwL7vL3V61gMAYHLFcSc9eFMEELE0f\/ZCqihiDw76bxMzGRDmA2k1dv1pc9dZ99Ue\/PDqBzsXDzW0KYkSPi3FTRTVCcb3S1zt0x0i8Xn8a9DcLUqsCeFC+tn1mb0dgeRDdkXiH6Q6fSweEw2PTotOKU\/j9hJM680iuH5tTNwSeded2TpAJ0+s\/qihZjedAPyx6rLEqze3DvE7LdsxMHpTPE+MsP5MLsZXG4gnX+29YRCkNE3C55pGXwdkjw9WH9Kilh0MC0xfYccaNmVdRLqWcpDKmsXOheBIMt\/4erfzigzbscKLMVmi73r5KGkOYVsW04yU067zltq+0GH3UBPFcd61oBOkbsGPO4r1UmBlHZJoz0lwKh1rV3nPuBv46M4MKI6eSRqOL4FFePLAO7NiaYa+o="}
00938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":946760605298,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"thread_ts_msec":946760605298,"pkt":"6qmpVXFVLGv1oHfACABFAAGMP3pAADYR4Ix\/AAACfwAAARTpxs0BeEafcjZmbnZXajgMNKrUz4BH5JtgTO\/vSxmsaEEZ\/CAi1tHviASLJ0uizAKXOLABetwgqhCo5m4k1iiphPsQtmERIqMf5JqXqiSdLy1Ba297cOraSOTaFHJWit3rzIV3AowJFomZ6bNGgpjxuYxUP4ApyAtzXYDJCYeu\/TSh4Op6+VkA6r1rjj0eFvuUrgX0XUc9PplmByW+parwj6z4sTPvV7M24c3XCf31OpXMDgENn0dC\/NtCYAPIhFy5yJH4NN0uv+wCzBvfx5hamAafH0ucNQEWgtIToY\/UKfIcB1p2Rmxkik4bx1XvJZRpgatWlKpSSZ2osdUqE0Gf6dev8q1ZEmaD+Nt91oo9gqW7UnB\/A+rnjMC7Jl4QB0mRDv3NPjcpvDGjZgxCT\/Cm8FWDlE6PMnj9qJUAbU8j4wyOOwo1LdjYHrXav+2Cx6qKLtaO9UmFpkeQ1L0Y\/fU\/6vod5MZsIE9xe3xRC2JrvS8Zsa2Q5fU="}
00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946760605285,"flow_last_seen":946760605298,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":728,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946760605285,"flow_last_seen":946760605298,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":728,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946760521313,"flow_last_seen":946760521327,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1328,"flow_avg_l4_payload_len":664,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946760605202,"flow_last_seen":946760605216,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1264,"flow_avg_l4_payload_len":632,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760605285,"flow_last_seen":946760605298,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1456,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760605285,"flow_last_seen":946760605298,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1456,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760521313,"flow_last_seen":946760521327,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1328,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760605202,"flow_last_seen":946760605216,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1264,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":4048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":946760605298}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 6/6
@@ -24,8 +24,8 @@
~~ total active/idle flows...: 3/3
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6005371 bytes
~~ total memory freed........: 6005371 bytes
~~ total memory allocated....: 6005395 bytes
~~ total memory freed........: 6005395 bytes
~~ total allocations/frees...: 120890/120890
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 467 chars


@@ -1,13 +1,13 @@
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00571{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1625015363846}
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625015363846,"flow_last_seen":1625015363846,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":1625015363846,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00613{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625015363846,"flow_last_seen":1625015363846,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"midstream":0,"thread_ts_msec":1625015363846,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625015363846,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":1625015363846,"pkt":"eJS0JASgYDjgxTWgCABFcAIcMeUAAKoRYLfAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD3lhBxF+xRcXm4OudBLKFF3lXNzJRT1n1mCwEwKyGhzNUC6UkZad2AWsmuU16fgPBH\/sceAjxvXbeJaMQ9EbSG+EryR20f36x0OJcNkQYlfmM\/kN4T86L0ASqKQ0TZzuEESSiQX32uxygOna3C7y8YkubD4iZwEIg4QPEIQOdpWbEXtV\/o83jys6juVpKCDsvd9F8BJn0A7cjfMFRaUEMtODCG9KXBGEFHSZ18dK+ql0\/Pni3Dqd6Y7WU9Mlsj6IJPn77nWwLoqZYdJM9PltVUKA0BCDDZWLsJkP+knwwM996eWvPVPxNZ1KKAU+KOVJ04oTxBObGh5XZz6JStYBY6Gu1I+A7lBm6RD\/WCsjY01E5zHZUyzq\/sRzA5mq5v96ugcirzkq3k0\/Yi8TtQ9Ei2s6Y2t9FI5mQA6UNGXKigRJGNMlurE7oVNz9ZGKjrmgUROTHW19Dk8giJLA8E8v8V\/Kx+sNH6hBiMP0Nh9x\/ejK++VYPU3QRVutcD8PafmUWXqxmeXX5tAdjXoA\/bR66F4Yy0keXtHiEolfEIPbbw5Dss1Er21DaArDQUxYztwJdUkbudQ3HagiiDaY7lCwmWsiFTSiz+tzK3sS0+qynhYwsO0Zb6cGdfI="}
00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1625015363881,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1625015363881,"pkt":"YDjgxTWgeJS0JASgCABFAAEMb2FAADQRWrvUL+SIwKgCZAG7twoA+ISncjZmbnZXajh5YQcRfsUXF5uDrnRgM\/W0etYbRlCvzAlkKKyMUQLv0ljsGjvVtZfe\/2tl\/VnemuvYfUBk\/FlJZG2T9aqA3YLF1UTRltK97uI2ksWKJgX3BniRDpntrFamW1JEmb\/3xLyET8LVaXWh0WE97YtyY5BJWfj3a3nIABAcBULeLr+9m6kab1t2+yUw8O2x9jiPjOG9E0ybqrKAE6AYHqZ5TwJfUOjYj\/lXF7jHkO1u0hdfTacv4XB0pSOO1yv7woMURQKedSBCZ47xfNaXXx66LiGW4zFY9AWDuJNy+t3jJfjPP44rub81jFTM"}
00573{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":752,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_msec":1625020200938}
01154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1625020200938,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":1625020200938,"pkt":"eJS0JASgYDjgxTWgCABFcAIcvZMAAIwR8wjAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD0vHrlH\/yRcXvmd7t8+K4M4sVr0Poj8Wk\/utpL\/xCX\/xF62azc12+nNI8QCtVvppS8TlqEq0v0z1ZL6VhUUGpPUFklJ6FIusCvwq2w1dSM6BMePG+Qo4lcOLbOLpFDdDpN7sGyBBByiu62SvizwpJiQ6P3\/ZSXKjnk+4TGpUh1Mb5c9mzEfAV3qGGdzKjeCok93Nwnvp36CiiO\/GOkE9r\/ZYsdRaCmC23bIy9acHKaDgHPfJpiFe0JUanQLCN9xYimCEsH8Zta9Ub1Y03R23fJnK8tpwkYIEBK7LZJ1F9iJoeKxBWFnz1ecGcBI1RX2es6McfzJoxkjQOuHEH6AiYPJoSwpKAve4ipq0HR\/HOtcm2eSvFhLdYG1E+T0mXDh9vYgTW5nrseVIT7nqhIq7lD3WYEFzszkgcd3k9UDRv+myTHfgeMeOMZENFmbm5E8g9X\/DmfsUhaGuiUNClJJMVj7goJjiEWrKvyoRVfrCC4PbNLMbvqDrlvRzXORnY\/CFgO7+WLg3KO2ey7CthW2BKxwYRE712SYEdOkDCt96TjkrXI1srSS+8m95DCo5Kt+A80OCrLXxvwtGpEmk4P+Hhi7NqGvVAPLHH8VQvEse4iqUK05\/zGpQspc="}
00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1625015363846,"flow_last_seen":1625020200970,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1625020200970,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00707{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1625015363846,"flow_last_seen":1625020200970,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1625020200970,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1625015363846,"flow_last_seen":1625020500975,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":2128,"flow_avg_l4_payload_len":354,"midstream":0,"thread_ts_msec":1625020500975,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1625015363846,"flow_last_seen":1625020200970,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1376,"midstream":0,"thread_ts_msec":1625020200970,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00712{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1625015363846,"flow_last_seen":1625020200970,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1376,"midstream":0,"thread_ts_msec":1625020200970,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1625015363846,"flow_last_seen":1625020500975,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":2128,"midstream":0,"thread_ts_msec":1625020500975,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00577{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":2128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1625020500975}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 6/6
@@ -17,8 +17,8 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003251 bytes
~~ total memory freed........: 6003251 bytes
~~ total memory allocated....: 6003259 bytes
~~ total memory freed........: 6003259 bytes
~~ total allocations/frees...: 120882/120882
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 487 chars


@@ -1,17 +1,17 @@
00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1606056093199}
00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093199,"flow_last_seen":1606056093199,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1606056093199,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1606056093199,"flow_last_seen":1606056093199,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1606056093199,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1606056093199,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1606056093199,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEATYBOvN\/wAAIAhwsYltsps+WghOL+O5iCYx+QBEtgiJINLAj38+CB9CqAWNGDJ\/Ht0GdZPYPfPv0gkn+G7KypaOwXpeaLqP2vrcKno6\/xJHt9kjbL2TY4b\/m9R6nztt0oBs85JJhS7Tj\/KxdnJUR5x1KoMSoiK8Up0wKQjS6CJwz+096+5cglByj68BpzrUHMPeI6GM8BR\/Wl2qjunMufbT3ODI125lDdGTaTqNLCMEIjagI12Vrkh1+4q55QnPNmDSc9uNkJ0l5bhH58Gr3GA8HfFg35RCENcGDFpWMYVXiM4ZLQRFPmW9PqqUvAkPFdK1\/e6zKceMIWl6qFwaRZM+da6dEGVcJjr7Z+tAEETRp6uqCb9nnpAvg2AYmEND50nvVEnJ0vebAvnDE4IogXJzua2gFwFm7VLYd1uL79o4iJgu\/rwI3t1+Scpc6iAB46mZWFz3fE1WDQxwSMiil9o8+U4JW1BkjaBlJjEwDLig1LbtT\/HP47m8JDRgq00wdO+B2e1saSoPUtzWH02fRpSsRwHLssxWK\/GeM8n4na9wb14wVoOdjdGJ+KEHpdBBYTSNse3PnwWrKaaP0mh7odZYLBlgeNvTBLAUy7TPWKcxmhtN6bsS\/Yjh2568CzWxz8tWmprG6YblEP1vhUU2WDKbQBSh9+e7EH2JaN6LGpgUM6\/yeDE+g\/QCDKFbnXJHaC3VNe2EpDTrUSTzTJX2ScnDPI4dI01EvvWXSfxAJzcCmkKAUz3B\/F3DS8bS2lYESb9nSox1FCQUX1S8MhWCL4jSZ4wobqLA6VEQ7puZt\/yd5mc0snO7+JferPZwSQV1jN5hdBcuNb6kj\/JG4pzUoB7QTPQcjcnBLCPQDWDzw3nQ+Ebywtgt9T0aEFqJVOTfT95bWTz6VinV\/brwfnTHpSbkUgeBvFyaDcSzRz5tFZ0q4\/gUbfajms9qKrPFsufIU5NQtKyl5gUxP+4xC0KsglyEqg4DVy8vzlOpHC9Zo8AzpD2Cd9yZUaVpS3jLxre91YlfpTBViFMhAAL1N+wl47YhA2pgyB2GGbWg1O6K4C74tiA9XM\/lrGlbtuiyqqRmlQ+OfACiiCT0\/fwnridhEP9NjW3A9LNkp5ph6u81Z1emHsIGmFkXyP7nojGy2XKkTHlNA+eKBGol\/TUgCzHu7qPwHu5vMLlk5NNq3Od8+eHViQU1LY+OXeYFHuY2S+VSf848yXn0P1WZ\/Hf4jpB8WMcPpj0cXHyY46IsajmZ4uRB40h68eDc26RMlrZAfwBIGjks8KSh5b2f1BdJ6LJ4taZkNl8x+qPVYwRdc+lJsRkcGfu+BxMBIzhOPr2wg8uauRqGpIMGiSEXt5eLhu3VHEqTuhLQrFWRwEWEm+WzY4itmVZYx3CM7zWu6j3KhN5W5HEWKe61AmbunEuzKrb9KKf1hG4Uz72IU4aUy8+qV8fLyqPe7E\/Hm\/QiosHbq0whMHw6xHc0E9dDFb7\/w2jqW\/bhRCLrrZSTu8KDShAe9bke
mwaFOWgs8zleXJrozrnvcOKNBpToZAop8FcA1V6SZ+05avECZK7qQ04Uc8xlehoG+3W27ZNgeNIiTH8MtU0A5kV6veOOCPQW7GGwaBK9iuORoisN7YKGMwzzN0ZIQ\/IailJpjg=="}
00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093199,"flow_last_seen":1606056093199,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1606056093199,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"version":"TLSv1.3","alpn":"doq-i00","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1606056093199,"flow_last_seen":1606056093199,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1606056093199,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"version":"TLSv1.3","alpn":"doq-i00","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1606056093201,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1606056093201,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gTYBOvN\/wAAIAhOL+O5iCYx+Qi72eOch5MP7QBAnCxpB\/ZzHhatBCMXwxT8fSrL9Wdt\/ZFOXhnvUbk6DdAuuzdAXxro6AjNqIcuTb2Re8BepV9SRKgSpP5M7LrQffcZ9shmrS20KZKb\/ztrJeGi\/T\/Srzlr49oBUZ5XMUOjcM7DeI6CgL+ZkO5L8gOV4+8ueGIUub0wiW6+Jof5086V6cR2hj9bBsTK6z5+hag0bw2HYNhsBUUI567S6uj\/AAAgCE4v47mIJjH5CLvZ45yHkw\/tRAEwp7WGjD8jV9zAfZPHhqQ1G3rU1wu59XApa\/uBCBj\/P3rsDGNWqlRQj5q2CQMAtwoaVW5R4D\/leJG\/QScVoSAiDmPCSxR8YrHk5Y7hGxh+CuYKI4vAFyF29Gcm7XH58xSv+Y0je37cyhm71z7xP4G24oT+neWXAiCImQb8UPinjOVju\/1ZXWChdKepJDE+EqJTk8BoOpF9LvyXj5n733Xph2u5IJ\/p\/3foWmTC0fAjiMQ12dhZ6KIFgHDWW0UYsYoYGxC75AmqEL4W0ZygLN4Jp+zSt6jJsE6uSWjtu9Mwx8zRmpzIUbk2rS\/lIYNH+L8sZitAI\/mAouO1FzaXzIPuVV15eTfM\/D4HfHtnBqU5JIgEq30fGDU8vQEvr9VcBwpWT5O0sL5kG6g3W7z970vBsvCXzENm+QLPGXr10ns2jeQncf3V0s9pvLk2K4TGX8jm5gNEpFEQC6sid28q4Y5Bk2mCdnHt7MFfqeIQtVf6U3jEBxXtqNwnbDuTXuCGC9PAu0Ie4j3YiB88cN+EoNanC8QpOjA3mDQP6RbMKMlxgNT1GCSYoSSr70l\/p2Vp0WohDZeycXBsQ9txnWshMbiCp8imTkzhOWSmVNhhzqZOyuIxBEnqW6hAlYSRGGlQym+AFEpgzsjqJLjzqOLeESR5tBel8x5HwEzLLqVaja5Udf5uBnGJUVNub2RGOPiMMnZCl+iL2LRMiCHUoBDmvimDtRLtAOt2SNvH93OMwXA\/IyIrY+XO56T3mS1YSU9Ydwn6d5ywddheaImd1U\/vJ57ZtUSbUvf+DXuTp09bwzrY9tw5NZDPH\/iljKwqemZHmirnsyyz4OUNANR+9\/kuYPx2d\/ZS7953Z8P\/sqzOE3LjEyoUSRCXVL4XoEkGM23PQQcDudByAaZ+9LTgkgxPTKnHgpxcDQowxdEx+BnESQ9DwSJQM7+xTAOPC9sMDrzuSInM7z5AK+Pqrk4B2Vwy+rXo798A5XjeZBrTkCt8XwQLpXhtqaRjTnFTN9kHqTE4fN2bwWBueF8sdBSZ3aK2MK9uuf3XfveW2fg\/1tyeU\/EXgKHtRL55w3iVM91ZMotsrGhoYdGkE7MCdncoh54jfxD5eJPuIFA4F254QXkd2ttFid3O1xFmVbRo9jbjk7d2+6yRzPkKLtyJyptApw6QxkBCFBxcnQA+oUEGOkjoCUtqGfeqRlTptqqqHIGzgHL7YafvSlJW897JYtCkXn4
zJMDfapn6QTBVXFY5QqgjOXt2wlG+PDpn\/mQw9NRGoj69MbbDe3NA2MYvJlkgzXKIONO\/pMfrd3koD58ywf54r7NUNGTOOHuRxW0PSRKrZNlpqXdbaK\/wnr76JF4R3R\/+EOYL7g=="}
01111{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1606056093201,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":541,"pkt_l4_len":487,"thread_ts_msec":1606056093201,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAecRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gHnAfrr\/wAAIAhOL+O5iCYx+Qi72eOch5MP7UD5fEmqw9QcMOSnUe6MDD2OecgnWjkNXdwC4dZSYxJC82j7Fa0gkq+nfYTDU9ChVEdtH45\/vQtNEQLo8\/fwDbneJcHDHavc8EGoV3PxsxkBJhE9Q9u9yCLvfi5OphDBHPeBIHPaxUcLs3S\/L\/IXKVQgfNTTVjkzoLHy1OXpC+\/dTEnbC6NPh6W28rc+x7GLNNHF1FfqMGoKlGMxFCg2HP4dP34NipPXt9vl2rd70ScFdoNK8lXc8OrIbXPCPHixiwns3JeTqs80ZysmuTQ2x3K2Z0oX8Qiv0kbMUxxeHDtUjo8dxO3WaXzqWjfDA1saoqoMHVxUCwkVWx\/nTk4v47mIJjH5cyeRXhMbCk5EqVB08GBVQ7VrDqROkZ4dznjO7Fxcyd8w3IE3VD3OcSvdJI5P\/k+2JVbsoJApIjU\/SqrAeDrs9BCVoOX+elSyfnlFmV+9qRiAxndyJco\/u++psEVtXikdkQ7Ddxgmc8mefhAnBHbf+ng4whbMJA82KtXAE9ITJwKPkOdTXiPwFa2uYw57B9+WqNDFf9ReX9HTME9BVtddLPrQ8G9aG6w3Krk5ZmHecrC9Btpgbpsrq+OkBS2cbpJHIvCTkg=="}
00532{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093260,"flow_last_seen":1606056093260,"flow_idle_time":140000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1606056093260,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00537{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1606056093260,"flow_last_seen":1606056093260,"flow_idle_time":140000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":0,"thread_ts_msec":1606056093260,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1606056093260,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"thread_ts_msec":1606056093260,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQRnKgAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBSTi\/juYgmMflcDuw8PGqwk7AnmnlBLKl9VVw5FwNIUr\/uwhxQriWlV5lsPREfqCWcyBCgL5DIrZMPOHK4EaoyceBY8ce9ZV4nlYvSeOP\/TgYtdDng"}
00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093260,"flow_last_seen":1606056093260,"flow_idle_time":140000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1606056093260,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1606056093260,"flow_last_seen":1606056093260,"flow_idle_time":140000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"midstream":0,"thread_ts_msec":1606056093260,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1606056093360,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"thread_ts_msec":1606056093360,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQTEgwAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBBTi\/juYgmMfl+TZ3+Hmg+6BC4SDTuwiFJDfNooVH1WKEmkSpLklzCTh\/kA9o9N4HNfPmXD7MqNM0jiO2jHXBOtk8kidE7CVxn0BTfngjMfjmwfG7Q"}
00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1606056093560,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"thread_ts_msec":1606056093560,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQQoBAAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBcTi\/juYgmMfl+eB8WJkIN5W\/s2kV3mgzDwRAUXXe+90zefQTxG5fKyAbzm2S0iX0HuS+7+NHu2bYpwdweEdBhQ2oYMUDLzzaxqsrt98mI\/P6gjJFj"}
00632{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1606056093260,"flow_last_seen":1606056096363,"flow_idle_time":140000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":846,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1606056096363,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1606056093199,"flow_last_seen":1606056096363,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":3920,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1606056096363,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}}
00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1606056093260,"flow_last_seen":1606056096363,"flow_idle_time":140000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":846,"midstream":0,"thread_ts_msec":1606056096363,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":11,"flow_first_seen":1606056093199,"flow_last_seen":1606056096363,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":3920,"midstream":0,"thread_ts_msec":1606056096363,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}}
00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":4766,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1606056096363}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 20/20
@@ -21,8 +21,8 @@
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6014851 bytes
~~ total memory freed........: 6014851 bytes
~~ total memory allocated....: 6014867 bytes
~~ total memory freed........: 6014867 bytes
~~ total allocations/frees...: 120921/120921
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 461 chars


@@ -1,11 +1,11 @@
00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq_adguard.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1608278425043}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1608278425043,"flow_last_seen":1608278425043,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1608278425043,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1608278425043,"flow_last_seen":1608278425043,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1608278425043,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02115{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1608278425043,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_msec":1608278425043,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYdAAEARno7AqAypXowODqBuAxAE2E0Zwf8AAB0S1uV91ARNGaKcpPbuz4JRKRijEV3+fOp1xbl+o2VPCxw5C7F1AESjjIExuU1VGYMi3qR5FgZXmV5jW\/GS3bvPGESTCXlAOuaNPS4Z9rqb5GmZjOPu5h+dEeHCBQsH0bRQhppRcffIYyvfvxi5LNyq540e1YcNLgxwEYv9mwEEutsUSgLF8qQi1vATlbVLiQwhaXITCRD653klYnm9BoO04fUR8kaaf1qYfex026282Q5EvztDSyWuA6xW\/3D3I27VAQo2GbCoqYf0QIrZOfacQartZRA3xvw5C0Iz0S7jBboiOrSPOxbet7b4p4CBzdW+POAUSVXQZZS3xQkY5PXEeYGco5aUsp3O0lAaLfFFVll\/srPVtdJxYLG5mlTKam3NxBl9gHT9gkoJzUoEmtdaRDaxhP5yiedQs+JgoW4F1fDqHPMPnBtk1UezjBjE\/COENcHIEQq2HIfbQ9Lv+kS5CfcaSKs2mUQTuvs7\/voDRF2y7TFb+uqyMeAqq3doSDMB2jHa\/EojP\/f+RrMNy\/X7kDEEcbw43eMXD1tzHjBj\/ncaLMsfP3IPyZyF35MF8e+053ploy3mGcl5fW5eZxUFM6FDjn\/9\/9yB7HR5pdMyplGzzI1OpdByhfvbVWjVUlFgtm4LcbCFS9YXIuJWVQaT92LVmTrycmBpec\/NHPi6MerrZrFPH1cWAKJm6C\/35hd09a7vURbcj2Nwu+wvQEGek3M9LNpTgKAxfeLa6jR7yY8FRi9Fslx+40aTEwGgLY10PqSAVV873bY1HrjXgee+hInU5OzwDGisUkG1vjenUqCdXtWODZ9xJFrjxkNSBVsfWyX84bL4AH0cHSMH3bXpv8DZGk6dvuB1thnl5dRd79ArhxOkLRjIKU\/spE2xAqe+laOg7FDuovO8+vb44+p0a1tCIq75DbW5Z\/3eQHDpNFbf\/ZruNBwv0I6n5NxcgHEUQaffXIlX36W8Z8AD3YDD85hA4jZxmySge94o03q\/ZMGs+bJTnaK8KlLmSNMXuFjJ7F4SdWbAr+gE3KQqFqqYY9ZfiG2QbB9\/YTG+8SQBafYwX6k2J2OEpMyUilzmDTz3a5eH47iPLgq2nb2F+k0c4RMx6bB8xhJbOXMxEbB5OktMbojYZ5\/D7JZ6FArciEMMkyFIwplniDv\/bjNCRjIZzGWltVCRAQBZZf0ds2kXzLEOIGMUpx2oFRtwDgwesKJgy9be1woTT3HVmrfv8vUkkFOD253UN9bBIfIU4elVEm8DEZ93RQ8PGCnqpWPqKVclryY+VrRX6bBv\/eydiZowniNJyXmSTkGKfOGX30rdpMaFIjV9VAFWlq4kC1zIbyb3K46JC+I+XxrKEmMLqMbO6CesmtgLUC8vVTv7LWODOF1NIRzdEgb8Qn\/9qSY3t6c\/zKgfF8YyVeS6jf5EL3te6RDnB0wZsaBklSDaR66VSY+qB2O5PnaefdIKM\/htIG2nKmWB0tq+\/dxdUHWEvheHhEbmX4TUB3cfXIIesE+zpUW6KXqwY9
4WHHPEMe6voxs49AJ\/2IZiFohwbn6CjrWd2PilA\/\/N7kVyw58ilFGWokoGNIRgJ61vUDU8rgEdxFK12mR1bebXKhOpf+Sf7ekcBE2R4BLb6ThrQxQ="}
00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1608278425043,"flow_last_seen":1608278425043,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1608278425043,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.adguard.com","version":"TLSv1.3","alpn":"doq-i00","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1608278425043,"flow_last_seen":1608278425043,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1608278425043,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.adguard.com","version":"TLSv1.3","alpn":"doq-i00","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1608278425079,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_msec":1608278425079,"pkt":"mt9Y+uvcCL6sCxduCABFAACoAbMAAD8RP6dejA4OwKgMqQMQoG4AlJ+l8P8AAB0RXf586nXFuX6jZU8LHDkLsXUEXOoexyg1M1\/+GZvbsGeGqJJILJUnaeRPlfaewSkJ0QM1kILJB9RkVGFQIKTOYfD\/amFvF5G2sUWGCAnPMQAxGtra+t44CL4uNVFuP1UAIYDjP5flgPs8Cfp53+s66ugMjRy2XoqR7aApyqmdoc3EHdt+2Cg="}
02114{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1608278425084,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_msec":1608278425084,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYtAAEARnorAqAypXowODqBuAxAE2FXxz\/8AAB0EXOoexxFd\/nzqdcW5fqNlTwscOQuxdUBgKDUzX\/4Zm9uwZ4aokkgslSdp5E+V9p7BKQnRAzWQgskH1GRUYVAgpM5h8P9qYW8XkbaxRYYICc8xADEa2tr63jgIvi41UW4\/VQAhgOM\/l+WA+zwJ+nnf6zrq6AyNHLZeRFASnCr8obwp9Ty5sR7kprQnC0Sv2ZcsxYzIMAthEKqYU0zMuGSEznU2JvTrq\/bykaeb5dqdGxdiszDYKDU6Jn7sPAcjUZ2gh8+BYZGe9phFiloXFkZRqkF4syIAEkOpcy2MK\/fkeUIOyP6wlwkzaY3fbmuxHrqRyLu45SBR1VMQFyHi28JYz7QmMQfDMqnuI0IWIuFKHwG0T\/v0jhF19jPBzG3JSCrPoiaSUV9rQI1kZsCKoMrGjumM68QAfolXONsAd2IYudReWz3mQrB3zOSDXc7+iPJJwc0+KS52obxIkJ0I8SZ7CLjp+FpGH++2YepZGSZYPB5rc\/4HU1bQ4ocmPERQ5l+FpQxpj4cq2AJTX05VWg9LfjDFrHE6D6oMOTTfheRhy7X3SqhzfVhy\/w3RXnv00qwNGkVr8QIR+wCM95sfw88fV3+NqmU3vnLU2z+qvvT2HlvRQm9ykjYa60lgB9sFJ5Ng9ge\/cpn16AR4r\/NoOup4fo8EeFB8cFrAVg+3WG3mgWxUdvK6oND07fFN48QrriL1y7XuIB3Fa65jgY5B4zE7vkkBXKUfGormP9hug8dHVr44WkbHCTqfFJuTHKIf9gtfJ9VQps1jhQjM952WGdM\/mFbut40pSDwrgQgdt0stO2C4PvDiwgzZaEybJzcZBHCUgM8reKIoRyLrSsWciN2b3tsFQXXaEeEGdt8Bc\/5zyh11uwNSzGQ\/Fl2k7QrJleMEWlDCFHuNFZdb7JDVOvqjlXAHTTHX0xSx0KU4aqrg\/kZVORXUFVlv\/xu8mW\/pGVbnSUQNAvLvkvHNdnu1ZPxtBzMoqU+96Xp\/DxrznNbYv32YFRLbK8kA8U4FaZhJ3oS+5KFBikdLEV9Hai2hbk8GZjN2iqviHrHccJqNkg3SIuZD5qamhaUaMG9NOa5pQ9jLJU\/ymgo7DdgKxRH8uuDjWk10CemOYV7pIj9XJEg0HHMmlI1Un6aDxtAu5UK1qm1HNb38yVa+sYeN5Ew6KHyqBUxxS4IflHX5qeqIZPOKrYg5MCubhSudLKbjcH5sXIzejKF8iZ0FlTKPdHSExxjW0QFN6bAWoLJuZE\/4kDcgHKTjdquB1S9wjg6Pah9A0AO1p8+A56ZYLVjRHdUF0Eo6bHTdn4hIgHvxPjCmO5BtWUKEeQnKGkkR8kgREjXo6GfEeHC4Vb4SCK88RJFW07bR+3U68E0sOKimZElroA+KMcE32OqnpsNULoyV7BunASAegp78gVNI0Bil4Klffm6tM6xnJr7Wx08jSGi+pGYWmiGnj3zfHIxpQuw4bIpm3S\/lud8tMnqwiD6\/bIUKO1SxVSWZBp6s2PlGyGHrgwwdIy5nXoip9Ouk
mbhVHpu5a+3BERo9ToRhkKbGsS5gAuyL08\/F6VvMQD\/JdB+\/2rkXCT7ca7Lr49P5aV+w66D8Iwyn8BcCGyOLiGucN4S\/JjMhOeFgH9mu48hQ78o="}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":296,"flow_first_seen":1608278425043,"flow_last_seen":1608278463119,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":32013,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1608278463119,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":164,"flow_dst_packets_processed":132,"flow_first_seen":1608278425043,"flow_last_seen":1608278463119,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":32013,"midstream":0,"thread_ts_msec":1608278463119,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}}
00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","packets-captured":296,"packets-processed":296,"total-skipped-flows":0,"total-l4-payload-len":32013,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1608278463119}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 296/296
@@ -15,8 +15,8 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6021731 bytes
~~ total memory freed........: 6021731 bytes
~~ total memory allocated....: 6021739 bytes
~~ total memory freed........: 6021739 bytes
~~ total allocations/frees...: 121193/121193
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 469 chars


@@ -16,30 +16,30 @@
00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAABwAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAA=="}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409797101}
00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACgAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgIA=="}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409797553,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409797553,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1576409797553,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409797553,"pkt":"AFBW6YlWAFBWM3ieCABFAABgBwAAAIAR07fAqO+BwKjvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409797553,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409797553,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1576409797553,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409797553,"pkt":"AFBW6YlWAFBWM3ieCABFAABgCAAAAIAR0rfAqO+BwKjvAgCJAIkATHy8AAIpAAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1576409797554,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409797554,"pkt":"AFBW6YlWAFBWM3ieCABFAABgCQAAAIAR0bfAqO+BwKjvAgCJAIkATA7DAAgpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409798047,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409798047,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1576409798047,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":8,"thread_ts_msec":1576409798047,"pkt":"AQBeAAACAFBWM3ieCABFAAAcCwAAAIABn7TAqO+B4AAAAgoA9f8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409798047,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409798047,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409798642}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409798047,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409799428}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409799059,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409800348}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409799059,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409800543,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409800543,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1576409800543,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409800543,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEAAAAIARybrAqO+BwKjv\/wCJAIkATAq6AAQpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409800543,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409800543,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1576409800544,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409800544,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEQAAAIARyLrAqO+BwKjv\/wCJAIkATHuvAAIpEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1576409800544,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409800544,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEgAAAIARx7rAqO+BwKjv\/wCJAIkATA22AAgpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_msec":1576409802223}
00525{"packet_event_id":1,"packet_event_name":"packet","packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_msec":1576409802083,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"}
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1576409807597,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"midstream":0,"thread_ts_msec":1576409807597,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1576409807597,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576409807597,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlJAAAAIARtTXAqO+BwKjv\/wCKAIoA0Qn+EQIADMCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1576409807597,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"midstream":0,"thread_ts_msec":1576409807597,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409811132}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409811517}
@@ -334,10 +334,10 @@
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409925057,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAeTUFSVElOIFJPU0VOQVUgAw=="}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409926307}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409925057,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQAAAAAAAAAAAAAAAAAAAAAATUFSVElOIFJPU0VOQVUgAw=="}
00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1576409800543,"flow_last_seen":1576409931837,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1576409797553,"flow_last_seen":1576409928060,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1576409807597,"flow_last_seen":1576409923353,"flow_idle_time":200000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":2817,"flow_avg_l4_payload_len":187,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543,"flow_last_seen":1576409931837,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":2176,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1576409797553,"flow_last_seen":1576409928060,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":952,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597,"flow_last_seen":1576409923353,"flow_idle_time":200000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":2817,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00573{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","packets-captured":220,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":5953,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":341,"global_ts_msec":1576409931837}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 220/62
@@ -347,8 +347,8 @@
~~ total active/idle flows...: 4/4
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6007971 bytes
~~ total memory freed........: 6007971 bytes
~~ total memory allocated....: 6008003 bytes
~~ total memory freed........: 6008003 bytes
~~ total allocations/frees...: 120947/120947
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 200 chars


@@ -1,11 +1,11 @@
00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"drda_db2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1175543772220}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1175543772220,"flow_last_seen":1175543772220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1175543772220,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1175543772220,"flow_last_seen":1175543772220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1175543772220,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1175543772220,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1175543772220,"pkt":"AAwpfMZqAFBWwAABCABFAAAwIqBAAIAGglXAqGoBwKhqgBLvw1AKtGewAAAAAHAC\/\/\/kqAAAAgQFtAEBBAI="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1175543772221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1175543772221,"pkt":"AFBWwAABAAwpfMZqCABFAAAwAABAAEAG5PXAqGqAwKhqAcNQEu\/9XlZHCrRnsXASFtB6IQAAAgQFtAEBBAI="}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1175543772221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1175543772221,"pkt":"AAwpfMZqAFBWwAABCABFAAAoIqFAAIAGglzAqGoBwKhqgBLvw1AKtGex\/V5WSFAQ\/\/+9tQAA"}
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1175543772220,"flow_last_seen":1175543772338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1175543772338,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}}
00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1175543772220,"flow_last_seen":1175543810683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":4623,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1175543810683,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1175543772220,"flow_last_seen":1175543772338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"midstream":0,"thread_ts_msec":1175543772338,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}}
00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":18,"flow_first_seen":1175543772220,"flow_last_seen":1175543810683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":4623,"midstream":0,"thread_ts_msec":1175543810683,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}}
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":4623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1175543810683}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 38/38
@@ -15,10 +15,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6006227 bytes
~~ total memory freed........: 6006227 bytes
~~ total memory allocated....: 6006235 bytes
~~ total memory freed........: 6006235 bytes
~~ total allocations/frees...: 120915/120915
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 457 chars
~~ json string max len.......: 692 chars
~~ json string avg len.......: 563 chars
~~ json string max len.......: 698 chars
~~ json string avg len.......: 566 chars


@@ -1,105 +1,105 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dropbox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1455907271481}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1455907271481,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1455907271481,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1455907271483,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_msec":1455907271483,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXYVAAEAR64HAqDhlwKg4AURcxIcAG\/HjY0Q1AW9STYsvci9CdXMxN0NtZA=="}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1455907271585,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1455907271585,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EM0AAIARN+7AqDgBwKg4ZcSHRFwAZzJrQgM1Anj4ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"midstream":0,"thread_ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1455907272856,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1455907272856,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EWkAAIARN1LAqDgBwKg4ZcSORFwAZ7scQgMdqQeYckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEyIEVFVCAyMDE2In0="}
00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"midstream":0,"thread_ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1455907272858,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1455907272858,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXhFAAEAR6vbAqDhlwKg4AURcxI4AGvHiYkQdqQeYiy9yL0J1czE3Q21k"}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1455907272969,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1455907272969,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/EYMAAIARNzTAqDgBwKg4ZcSORFwAa8WlRgMdqhF5z0YYRXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMyBFRVQgMjAxNiJ9"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":200000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":200000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"midstream":0,"thread_ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1455907274088,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_msec":1455907274088,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EncAAIARNkLAqDgBwKg4ZcSIRFwAaR7GRANSj9XGl0FyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTQgRUVUIDIwMTYifQ=="}
00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":200000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":200000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"midstream":0,"thread_ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1455907274089,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1455907274089,"pkt":"CAAnAERyCAAnmO\/hCABFAAAwXqNAAEAR6mLAqDhlwKg4AURcxIgAHPHkZERSj9XGl0GLL3IvQnVzMTdDbWQ="}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1455907274193,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1455907274193,"pkt":"CAAnmO\/hCAAnAERyCABFAACBEpIAAIARNiPAqDgBwKg4ZcSIRFwAbeMnSANSkLugNTWCkTE2ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"midstream":0,"thread_ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1455907275690,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1455907275690,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/FCAAAIARNJfAqDgBwKg4ZcSPRFwAa2JLRgOAZtDWwMpn\/nJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxNSBFRVQgMjAxNiJ9"}
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"midstream":0,"thread_ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1455907275695,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1455907275695,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyX35AAEAR6YXAqDhlwKg4AURcxI8AHvHmZkSAZtDWwMpn\/osvci9CdXMxN0NtZA=="}
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1455907275831,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1455907275831,"pkt":"CAAnmO\/hCAAnAERyCABFAACAFEwAAIARNGrAqDgBwKg4ZcSPRFwAbLkURwOAZ6ExGoh1VzNyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTUgRUVUIDIwMTYifQ=="}
00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","packets-captured":801,"packets-processed":800,"total-skipped-flows":0,"total-l4-payload-len":47076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1459182796665}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182796665,"flow_last_seen":1459182796665,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182796665,"flow_last_seen":1459182796665,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1459182796665,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1459182796665,"pkt":"8IQvSpdgeJKcD6iOCABFAABAOLtAAEARfTrAqAFpwKgB\/thvADUALFKSg5wBAAABAAAAAAAABmNsaWVudAdkcm9wYm94A2NvbQAAAQAB"}
00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182796665,"flow_last_seen":1459182796665,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182796665,"flow_last_seen":1459182796665,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1459182796665,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1459182796665,"pkt":"8IQvSpdgeJKcD6iOCABFAABAOLtAAEARfTrAqAFpwKgB\/thvADUALFKSg5wBAAABAAAAAAAABmNsaWVudAdkcm9wYm94A2NvbQAAAQAB"}
00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1459182796786,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"thread_ts_msec":1459182796786,"pkt":"eJKcD6iO8IQvSpdgCABFAAE\/AABAAEARtPbAqAH+wKgBaQA12G8BK6cig5yBgAABAAMABAAEBmNsaWVudAdkcm9wYm94A2NvbQAAAQABwAwABQABAAAAwAALBmNsaWVudAF2wBPAMAABAAEAAAAUAARsoKzMwDAAAQABAAAAFAAEbKCs7MA3AAIAAQAA9bUAGQducy0xOTI2CWF3c2Rucy00OAJjbwJ1awDANwACAAEAAPW1ABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwDcAAgABAAD1tQASBW5zLTU3CWF3c2Rucy0wN8AbwDcAAgABAAD1tQAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDArgABAAEAAkcJAATN+8A5wIwAAQABAAJG7wAEzfvDBcDMAAEAAQACRu8ABM37xPzAZwABAAEAAkbkAATN+8eG"}
00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":803,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1459182796786,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.204"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182798602,"flow_last_seen":1459182798602,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1459182798602,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":803,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":363,"midstream":0,"thread_ts_msec":1459182796786,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.204"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182798602,"flow_last_seen":1459182798602,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1459182798602,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1459182798602,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1459182798602,"pkt":"8IQvSpdgeJKcD6iOCABFAABDOVFAAEARfKHAqAFpwKgB\/r\/YADUALxT2I4YBAAABAAAAAAAACWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQAB"}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182798602,"flow_last_seen":1459182798602,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1459182798602,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182798602,"flow_last_seen":1459182798602,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":0,"thread_ts_msec":1459182798602,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1459182798602,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1459182798602,"pkt":"8IQvSpdgeJKcD6iOCABFAABDOVFAAEARfKHAqAFpwKgB\/r\/YADUALxT2I4YBAAABAAAAAAAACWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQAB"}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182798651,"flow_last_seen":1459182798651,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1459182798651,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182798651,"flow_last_seen":1459182798651,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"midstream":0,"thread_ts_msec":1459182798651,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1459182798651,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1459182798651,"pkt":"8IQvSpdgeJKcD6iOCABFAAA7OV1AAEARfJ3AqAFpwKgB\/sZlADUAJw161e8BAAABAAAAAAAAAWQHZHJvcGJveANjb20AAAEAAQ=="}
00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182798651,"flow_last_seen":1459182798651,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1459182798651,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182798651,"flow_last_seen":1459182798651,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"midstream":0,"thread_ts_msec":1459182798651,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1459182798651,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1459182798651,"pkt":"8IQvSpdgeJKcD6iOCABFAAA7OV1AAEARfJ3AqAFpwKgB\/sZlADUAJw161e8BAAABAAAAAAAAAWQHZHJvcGJveANjb20AAAEAAQ=="}
00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1459182798781,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_msec":1459182798781,"pkt":"eJKcD6iO8IQvSpdgCABFAAEkAABAAEARtRHAqAH+wKgBaQA1v9gBEDDEI4aBgAABAAEABAAECWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQABwAwAAQABAAAAFAAENvCuH8AWAAIAAQABU2AAGQducy0xOTQ5CWF3c2Rucy01MQJjbwJ1awDAFgACAAEAAVNgABcHbnMtMTE2Mglhd3NkbnMtMTcDb3JnAMAWAAIAAQABU2AAFgZucy01NjQJYXdzZG5zLTA2A25ldADAFgACAAEAAVNgABMGbnMtMzE1CWF3c2Rucy0zOcAewK0AAQABAAIhDwAEzfvBO8CLAAEAAQABU1QABM37wjQHTlMtMTE2MsBwAAEAAQABU10ABM37xIrAQwABAAEAAVNaAATN+8ed"}
00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1459182798781,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.240.174.31"}}
00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":342,"midstream":0,"thread_ts_msec":1459182798781,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.240.174.31"}}
00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1459182798820,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_msec":1459182798820,"pkt":"eJKcD6iO8IQvSpdgCABFAAE1AABAAEARtQDAqAH+wKgBaQA1xmUBIb321e+BgAABAAMABAAEAWQHZHJvcGJveANjb20AAAEAAcAMAAUAAQAAAQsABgFkAXbADsArAAEAAQAAAC0ABGygrOHAKwABAAEAAAAtAARsoKzBwC0AAgABAAD1swAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDALQACAAEAAPWzABIFbnMtNTcJYXdzZG5zLTA3wBbALQACAAEAAPWzABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwC0AAgABAAD1swAZB25zLTE5MjYJYXdzZG5zLTQ4AmNvAnVrAMCAAAEAAQACRwcABM37wDnAngABAAEAAkbtAATN+8MFwF0AAQABAAJG7QAEzfvE\/MDAAAEAAQACRuIABM37x4Y="}
00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":343,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.225"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11720,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182816605,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":343,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.225"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":100,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11720,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":100,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":100,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":100,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182816605,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1459182816605,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1459182816605,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3NAAEARdoLAqAFpwKgB\/o1NADUALHL+F+YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAAQAB"}
00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182816605,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182816605,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1459182816605,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1459182816605,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3NAAEARdoLAqAFpwKgB\/o1NADUALHL+F+YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAAQAB"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1459182816605,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1459182816605,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3RAAEARdoHAqAFpwKgB\/o1NADUALO8im6YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAHAAB"}
00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":815,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182816605,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":817,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1459182816645,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":815,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":108,"midstream":0,"thread_ts_msec":1459182816605,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":817,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":296,"midstream":0,"thread_ts_msec":1459182816645,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"midstream":0,"thread_ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1459182817566,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"midstream":0,"thread_ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1459182817566,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1459182817566,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"midstream":0,"thread_ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1459182817566,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"midstream":0,"thread_ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1459182817566,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1459182817566,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182818229,"flow_last_seen":1459182818229,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182818229,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182818229,"flow_last_seen":1459182818229,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182818229,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1459182818229,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1459182818229,"pkt":"8IQvSpdgeJKcD6iOCABFAABAQCRAAEARddHAqAFpwKgB\/oGlADUALERt3H0BAAABAAAAAAAABm5vdGlmeQdkcm9wYm94A2NvbQAAAQAB"}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182818229,"flow_last_seen":1459182818229,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182818229,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182818229,"flow_last_seen":1459182818229,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182818229,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1459182818229,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1459182818229,"pkt":"8IQvSpdgeJKcD6iOCABFAABAQCRAAEARddHAqAFpwKgB\/oGlADUALERt3H0BAAABAAAAAAAABm5vdGlmeQdkcm9wYm94A2NvbQAAAQAB"}
00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1459182818263,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_msec":1459182818263,"pkt":"eJKcD6iO8IQvSpdgCABFAAEYAABAAEARtR3AqAH+wKgBaQA1gaUBBH9u3H2BgAABAAEABAAEBm5vdGlmeQdkcm9wYm94A2NvbQAAAQABwAwAAQABAAAAcQAEon0Rg8AMAAIAAQAAAHEAFwducy0xMTU0CWF3c2Rucy0xNgNvcmcAwAwAAgABAAAAcQASBW5zLTgzCWF3c2Rucy0xMMAbwAwAAgABAAAAcQAWBm5zLTg5NQlhd3NkbnMtNDcDbmV0AMAMAAIAAQAAAHEAGQducy0xOTM2CWF3c2Rucy01MAJjbwJ1awDAYwABAAEAAVOfAATN+8BTwIEAAQABAAFTrgAEzfvDf8BAAAEAAQABU6sABM37xILAowABAAEAAVN1AATN+8eQ"}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1459182818263,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.17.131"}}
00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":324,"midstream":0,"thread_ts_msec":1459182818263,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.17.131"}}
00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","packets-captured":837,"packets-processed":836,"total-skipped-flows":0,"total-l4-payload-len":52930,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":6,"total-updates":0,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":69,"global_ts_msec":1535391465534}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465534,"flow_last_seen":1535391465534,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1535391465534,"flow_last_seen":1535391465534,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1535391465534,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1535391465534,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEWzxAAEARHT\/AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465534,"flow_last_seen":1535391465534,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465535,"flow_last_seen":1535391465535,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1535391465534,"flow_last_seen":1535391465534,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1535391465535,"flow_last_seen":1535391465535,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1535391465535,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1535391465535,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADENtRAAEARfv\/AqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465535,"flow_last_seen":1535391465535,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":624,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":606,"flow_avg_l4_payload_len":151,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":1054,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1535391465535,"flow_last_seen":1535391465535,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":624,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":1170,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":606,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":654,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":1170,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":576,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":1054,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1535391495539,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1535391495539,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEaV5AAEARDx3AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1535391495539,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1535391495539,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEPR9AAEAReLTAqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1535391525545,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1535391525545,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEd25AAEARAQ3AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1535391525545,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1535391525545,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADETEZAAEARaY3AqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391651168,"flow_last_seen":1535391651168,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391651168,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1535391651168,"flow_last_seen":1535391651168,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391651168,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1535391651168,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1535391651168,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/jlBAAEAR6fXAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391651168,"flow_last_seen":1535391651168,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391651168,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391651170,"flow_last_seen":1535391651170,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391651170,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1535391651168,"flow_last_seen":1535391651168,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391651168,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1535391651170,"flow_last_seen":1535391651170,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391651170,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1535391651170,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1535391651170,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/SNZAAEARbMjAqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391651170,"flow_last_seen":1535391651170,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391651170,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1535391651170,"flow_last_seen":1535391651170,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391651170,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1535391652506,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1535391652506,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/jm9AAEAR6dbAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1535391652507,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1535391652507,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/SaBAAEARa\/7AqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":847,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465534,"flow_last_seen":1535391525545,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391652507,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":847,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465535,"flow_last_seen":1535391525545,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391652507,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":847,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391465534,"flow_last_seen":1535391525545,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"midstream":0,"thread_ts_msec":1535391652507,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":847,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391465535,"flow_last_seen":1535391525545,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"midstream":0,"thread_ts_msec":1535391652507,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1535391682513,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1535391682513,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/nwpAAEAR2TvAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1535391682514,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1535391682514,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/ZDZAAEARUWjAqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391651168,"flow_last_seen":1535391682513,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465534,"flow_last_seen":1535391525545,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391651170,"flow_last_seen":1535391682514,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465535,"flow_last_seen":1535391525545,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391651168,"flow_last_seen":1535391682513,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391465534,"flow_last_seen":1535391525545,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391651170,"flow_last_seen":1535391682514,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391465535,"flow_last_seen":1535391525545,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","packets-captured":848,"packets-processed":848,"total-skipped-flows":0,"total-l4-payload-len":54916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":6,"total-updates":2,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":103,"global_ts_msec":1535391682514}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 848/848
@@ -109,8 +109,8 @@
~~ total active/idle flows...: 15/15
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6042341 bytes
~~ total memory freed........: 6042341 bytes
~~ total memory allocated....: 6042461 bytes
~~ total memory freed........: 6042461 bytes
~~ total allocations/frees...: 121774/121774
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 462 chars


@@ -1,10 +1,10 @@
00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1545143424891}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":200000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":200000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"midstream":0,"thread_ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1545143424891,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_msec":1545143424891,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="}
01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":200000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":200000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"midstream":0,"thread_ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1545143424891,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_msec":1545143424891,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":200000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":200000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":310,"midstream":0,"thread_ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1545143424891}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2/2
@@ -14,10 +14,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003143 bytes
~~ total memory freed........: 6003143 bytes
~~ total memory allocated....: 6003151 bytes
~~ total memory freed........: 6003151 bytes
~~ total allocations/frees...: 120879/120879
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 460 chars
~~ json string max len.......: 1053 chars
~~ json string avg len.......: 739 chars
~~ json string max len.......: 1058 chars
~~ json string avg len.......: 742 chars


@@ -1,13 +1,13 @@
00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1507911659748}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1507911659748,"flow_last_seen":1507911659748,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1507911659748,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1507911659748,"flow_last_seen":1507911659748,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"midstream":0,"thread_ts_msec":1507911659748,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1507911659748,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":1507911659748,"pkt":"AAAAjZtQSEb7zh73CABFAABta10AAD8Ruf09RG6Z1CDWJ8818BEAWUhKFv7\/AAAAAAAAAAAARAEAADgAAAAAAAAAOP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAAAAQADUALwAFAAQACgD7APwA\/QEA"}
01044{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1507911659748,"flow_last_seen":1507911659748,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1507911659748,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1507911659748,"flow_last_seen":1507911659748,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"midstream":0,"thread_ts_msec":1507911659748,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1507911659964,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1507911659964,"pkt":"AAAAjZtQSEb7zh73CABFAABYGTZAAHIRmTnUINYnPURumfARzzUARCmdFv7\/AAAAAAAAAAAALwMAACMAAAAAAAAAI\/7\/IGQQTc4aUtGjb8ohVEQdgum4T0i11AHiQi9xw2nai\/UG"}
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1507911659975,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":155,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":155,"pkt_l4_len":121,"thread_ts_msec":1507911659975,"pkt":"AAAAjZtQSEb7zh73CABFAACN5wIAAD8RPjg9RG6Z1CDWJ8818BEAeRSaFv7\/AAAAAAAAAAEAZAEAAFgAAQAAAAAAWP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAIGQQTc4aUtGjb8ohVEQdgum4T0i11AHiQi9xw2nai\/UGABAANQAvAAUABAAKAPsA\/AD9AQA="}
01343{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1507911659748,"flow_last_seen":1507911660332,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":1079,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1507911660332,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"749bd1edea60396ffaa65213b7971718","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US","subjectDN":"C=US, CN=*.relay.ros.rockstargames.com","fingerprint":"AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C"}}
01026{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1507911659748,"flow_last_seen":1507911868551,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3173,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1507911868551,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1507911659748,"flow_last_seen":1507912041896,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1507912041896,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1507911659748,"flow_last_seen":1507911660332,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":1079,"midstream":0,"thread_ts_msec":1507911660332,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"749bd1edea60396ffaa65213b7971718","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US","subjectDN":"C=US, CN=*.relay.ros.rockstargames.com","fingerprint":"AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C"}}
01032{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":13,"flow_first_seen":1507911659748,"flow_last_seen":1507911868551,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3173,"midstream":0,"thread_ts_msec":1507911868551,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":1507911659748,"flow_last_seen":1507912041896,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3731,"midstream":0,"thread_ts_msec":1507912041896,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":3731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1507912041896}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 30/30
@@ -17,10 +17,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6004035 bytes
~~ total memory freed........: 6004035 bytes
~~ total memory allocated....: 6004043 bytes
~~ total memory freed........: 6004043 bytes
~~ total allocations/frees...: 120910/120910
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 461 chars
~~ json string max len.......: 1348 chars
~~ json string avg len.......: 892 chars
~~ json string max len.......: 1353 chars
~~ json string avg len.......: 895 chars


@@ -1,9 +1,9 @@
00469{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_certificate.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1645461580895}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645461580895,"flow_last_seen":1645461580895,"flow_idle_time":200000,"flow_min_l4_payload_len":1444,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":1444,"flow_avg_l4_payload_len":1444,"midstream":0,"thread_ts_msec":1645461580895,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895,"flow_last_seen":1645461580895,"flow_idle_time":200000,"flow_min_l4_payload_len":1444,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":1444,"midstream":0,"thread_ts_msec":1645461580895,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1645461580895,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_msec":1645461580895,"pkt":"AAEC3cZZAAAAw9EGCABFAAXASWxAADQRSEO\/Pjy+o80PtAG7l9wFrJO8Fv79AAAAAAAAAAIARQIAADkAAQAAAAAAOf79\/Kc4HE2ihqeGXU8HJgbvv17oNih5trwpTgkv9KYfrYAAwDAAABH\/AQABAAALAAQDAAECACMAABb+\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\/ZkyEWQKrdPC7T\/I\/VBlNaCjkhqqLjeWcxNjAXFgHV0DQS4Ohn1NUJhGwRm+C9xnh7uNg5h\/HW\/hZG6rQQT\/YIEe4RMEDoHNucdV0ldNkVXCWmH7VdyXRHfM9s1z8dmKF9BhxFUrUndT8KN51NorrFfTkRDxgaXL\/XiTXb5jjFdTMNDoWEcfCSn+mv6sdX3THlAvFHxknV8wAjqvNtxIjUk2YFzbeaTG2Q+ckuiam9dVPaH56OySqB0JYTcsJNz1EFEanNbn3YoH9U68KtmWqXQruXynN3poT1rVwEUFs6k6P4rp9p9jisxqFTQIDAQABo4IBUTCCAU0wDgYDVR0PAQH\/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBSLiU8Spy0D\/BrMqi4FzdoDPizAuzAfBgNVHSMEGDAWgBQTA4kJqE\/7jzADbipdbCNlgXR+uzBmBgNVHR8EXzBdMFugWaBXhlVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3JsMHMGCCsGAQUFBwEBBGcwZTBjBggrBgEFBQcwAoZXaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3J0MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAD\/XXW3cyN\/n\/BsXYc461vEQJ\/MooDP0uWOe5wtrpd3XUOKUuYcOvN70FidsM66xtY3sgdh6LUV7Vd3UbwrHsVXRThb+W0JmRxLpORJHovyCUjHJdgWcwAmAecZJ4QHbPt4JGKIezh1zC7zvwpMBEph7\/DE2rRq+Bk7Vj\/NpG5hi7ChZs0a\/4ZlQ63BMdels0iVL7Gl8j2rZV6AKE6rNjGoosoCEoztRWeQE8+sRCm+Ke3bWDxj6rORsUQGgzGimwUgWsdfd3Nhsgd7TmdyKcuJKVjK3IJvBgJOkTc6Wtb9I6keqOhJz+tW6pXPpKnm\/uuS9speSYMehXhdxy6auf74W\/v0AAAAAAAAABABGDAABSQADAAAAAAA6AwAXQQTUxAnF4aD29iFX08UpvzSYHoOfJnjbLUY7FaBYVdRtgMBGO\/4Mp6YBV28sDk7JZ2MLOl9WIA=="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645461580895,"flow_last_seen":1645461580895,"flow_idle_time":200000,"flow_min_l4_payload_len":1444,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":1444,"flow_avg_l4_payload_len":1444,"midstream":0,"thread_ts_msec":1645461580895,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.WindowsUpdate","breed":"Safe","category":"SoftwareUpdate"}}
00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1645461580895,"flow_last_seen":1645461580895,"flow_idle_time":200000,"flow_min_l4_payload_len":1444,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":1444,"flow_avg_l4_payload_len":1444,"midstream":0,"thread_ts_msec":1645461580895,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.WindowsUpdate","breed":"Safe","category":"SoftwareUpdate"}}
00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895,"flow_last_seen":1645461580895,"flow_idle_time":200000,"flow_min_l4_payload_len":1444,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":1444,"midstream":0,"thread_ts_msec":1645461580895,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.WindowsUpdate","breed":"Safe","category":"SoftwareUpdate"}}
00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895,"flow_last_seen":1645461580895,"flow_idle_time":200000,"flow_min_l4_payload_len":1444,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":1444,"midstream":0,"thread_ts_msec":1645461580895,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.WindowsUpdate","breed":"Safe","category":"SoftwareUpdate"}}
00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1645461580895}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1
@@ -13,8 +13,8 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6011535 bytes
~~ total memory freed........: 6011535 bytes
~~ total memory allocated....: 6011543 bytes
~~ total memory freed........: 6011543 bytes
~~ total allocations/frees...: 120882/120882
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 474 chars


@@ -1,12 +1,12 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1556606275726}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1556606275726,"flow_last_seen":1556606275726,"flow_idle_time":200000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":1556606275726,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1556606275726,"flow_last_seen":1556606275726,"flow_idle_time":200000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":0,"thread_ts_msec":1556606275726,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00873{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1556606275726,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"thread_ts_msec":1556606275726,"pkt":"AAAAp2BiAAAAtzPNCABFAAFUW5tAAD4Rr1YKusaVI9I7hpmzrZsBQKk0Fv7\/AAAAAAAAAAABKwEAAR8AAAAAAAABH\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAAACgwDDALMAowCTAFMAKAKUAowChAJ8AawBqAGkAaAA5ADgANwA2AIgAhwCGAIXAMsAuwCrAJsAPwAUAnQA9ADUAhMAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMACaAJkAmACXAEUARABDAELAMcAtwCnAJcAOwAQAnAA8AC8AlgBBAAfAEsAIABYAEwAQAA3ADcADAAoA\/wEAAFUACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"}
01090{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1556606275726,"flow_last_seen":1556606275726,"flow_idle_time":200000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":1556606275726,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01095{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1556606275726,"flow_last_seen":1556606275726,"flow_idle_time":200000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"midstream":0,"thread_ts_msec":1556606275726,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1556606275848,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1556606275848,"pkt":"AAAAp2BiAAAAtzPNCABFIABM4VFAAD4RKogj0juGCrrGla2bmbMAOPKRFv7\/AAAAAAAAAAAAIwMAABcAAAAAAAAAF\/7\/FGas+MFHIUbk58MIduuc4UCKEPlD"}
00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1556606275913,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"thread_ts_msec":1556606275913,"pkt":"AAAAp2BiAAAAtzPNCABFAAFoW6pAAD4RrzMKusaVI9I7hpmzrZsBVHbeFv7\/AAAAAAAAAAEBPwEAATMAAQAAAAABM\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAFGas+MFHIUbk58MIduuc4UCKEPlDAKDAMMAswCjAJMAUwAoApQCjAKEAnwBrAGoAaQBoADkAOAA3ADYAiACHAIYAhcAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
01239{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1556606275726,"flow_last_seen":1556606276035,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":2104,"flow_avg_l4_payload_len":526,"midstream":0,"thread_ts_msec":1556606276035,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
01067{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1556606275726,"flow_last_seen":1556606278645,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":5138,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1556606278645,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}}
01244{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1556606275726,"flow_last_seen":1556606276035,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":2104,"midstream":0,"thread_ts_msec":1556606276035,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1556606275726,"flow_last_seen":1556606278645,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":5138,"midstream":0,"thread_ts_msec":1556606278645,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}}
00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1556606278645}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 20/20
@@ -16,10 +16,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003701 bytes
~~ total memory freed........: 6003701 bytes
~~ total memory allocated....: 6003709 bytes
~~ total memory freed........: 6003709 bytes
~~ total allocations/frees...: 120898/120898
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 482 chars
~~ json string max len.......: 1244 chars
~~ json string avg len.......: 850 chars
~~ json string max len.......: 1249 chars
~~ json string avg len.......: 852 chars


@@ -1,27 +1,27 @@
00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1644251732783}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644251732783,"flow_last_seen":1644251732783,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1644251732783,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732783,"flow_last_seen":1644251732783,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"midstream":0,"thread_ts_msec":1644251732783,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1644251732783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_msec":1644251732783,"pkt":"AAAAAAAAAAUAH77DCABFAAB5TfQAAHkRcBI11u5Bx7qXm9E2AbsAZQC2FwEAAAEAAAAA1BUAUFbLHE7KkMRUAMa+BCcg\/DTD4cWbj4CR\/ou6\/eEj1qcEoJjrsJeHH7KwZMNGTwAG1rS\/\/iatJdFhJzn0FDJ0hSfdwvHN8cKVzNzbvFPCN5Gy"}
00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644251732783,"flow_last_seen":1644251732783,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1644251732783,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644251732795,"flow_last_seen":1644251732795,"flow_idle_time":200000,"flow_min_l4_payload_len":378,"flow_max_l4_payload_len":378,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1644251732795,"l3_proto":"ip4","src_ip":"135.215.56.198","dst_ip":"124.73.140.89","src_port":443,"dst_port":61189,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732783,"flow_last_seen":1644251732783,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"midstream":0,"thread_ts_msec":1644251732783,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732795,"flow_last_seen":1644251732795,"flow_idle_time":200000,"flow_min_l4_payload_len":378,"flow_max_l4_payload_len":378,"flow_tot_l4_payload_len":378,"midstream":0,"thread_ts_msec":1644251732795,"l3_proto":"ip4","src_ip":"135.215.56.198","dst_ip":"124.73.140.89","src_port":443,"dst_port":61189,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00957{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1644251732795,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":420,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":420,"pkt_l4_len":386,"thread_ts_msec":1644251732795,"pkt":"AAAAAAAAAA0A4CzfCABFAAGW4ZIAAPMRG4SH1zjGfEmMWQG77wUBgjnKF\/79AAEAAAAMGs0BbbJE\/pYaT4dviGdRi2WOW3oR6c89g2R+B6cawD8bIDdGtNIdChofe7UWFvQsORIVWYmmB1ARH2\/YcAr2riegnyfmmD5WNzjlTxQKV6PsE39+eKr8boH2o8jfYvfY6pYtfswzpn9K6hafEVXA2FkG+xAviECcyUgulZBKj4E9uB5YFuX0y7TxSC60ET9QuiIYZ4UUay4t2BEEd5FC6C5uWNuKgCANMbDPWWDHNenOhqCQ0yF83uBqHq5r406ipnTN4XmSI+EDNc9u2FN1pMCLrm4dBrNrnCATji9ZfGECArYgjEqRBAyHOL2Vvc56w\/Qgv8pMx2l0H\/kzzxsaovLIADZ0nv90fLwWxgJh5LTsHegomfRJxO6vDkSmbGbpSLoc1i0NS6B5uEf0iwFQrPlN8SwGIkJI3yry5\/bY50nqmbGvAmRGRPr67RoYsMs3XyFBKaVKTGI+C7wl3+a9aZ7IG79al3N\/ir30CorciRns"}
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644251732795,"flow_last_seen":1644251732795,"flow_idle_time":200000,"flow_min_l4_payload_len":378,"flow_max_l4_payload_len":378,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1644251732795,"l3_proto":"ip4","src_ip":"135.215.56.198","dst_ip":"124.73.140.89","src_port":443,"dst_port":61189,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644251732819,"flow_last_seen":1644251732819,"flow_idle_time":200000,"flow_min_l4_payload_len":1243,"flow_max_l4_payload_len":1243,"flow_tot_l4_payload_len":1243,"flow_avg_l4_payload_len":1243,"midstream":0,"thread_ts_msec":1644251732819,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"121.152.255.238","src_port":443,"dst_port":8460,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732795,"flow_last_seen":1644251732795,"flow_idle_time":200000,"flow_min_l4_payload_len":378,"flow_max_l4_payload_len":378,"flow_tot_l4_payload_len":378,"midstream":0,"thread_ts_msec":1644251732795,"l3_proto":"ip4","src_ip":"135.215.56.198","dst_ip":"124.73.140.89","src_port":443,"dst_port":61189,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732819,"flow_last_seen":1644251732819,"flow_idle_time":200000,"flow_min_l4_payload_len":1243,"flow_max_l4_payload_len":1243,"flow_tot_l4_payload_len":1243,"midstream":0,"thread_ts_msec":1644251732819,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"121.152.255.238","src_port":443,"dst_port":8460,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1644251732819,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1285,"pkt_l4_len":1251,"thread_ts_msec":1644251732819,"pkt":"AAAAAAAAAAwAL85GCABFAAT3jYAAAD8RW4Cql2nXeZj\/7gG7IQwE469EF\/79AAEAAAAOADMEzpBZfrcT0WIwMaDtBJeOBmxdcsJNOoXMZL6URfohbDk+fMmixVNI9xolr8+oLL1F4twNjv+WWISFzhnbON+quhvr\/URpD+ws1Hw5ypw9kryCC3Gz\/V0VjiX8Xc\/vtdTUbPgNhVWHd4bAhh40ADLhQPQkBAsCOtbK+iLtMag8MKHa7XNeUssDEU2YZ+LVLTSuMPPRFA7Bn70EZWs\/DCi27ASgPoWey+zwI1xIXuPrzL3CEE0ryC7xCVWmB7SiiwnTXaWTMiWuKckduKf2vcqeUInANsr5N7tIclBo8npD6Wv5TYmAETN2yU8Nm\/538q30IPqbVb+BDK3Mm8YWXVJwGjPmfJMeSqlurhbLk+lY8A7H5w4CNWa5sLnwiYR0t1nGGT+c6gH4t9io9FfDfRocu2Hs8MORtesCyko\/XlrpKkxc7dT+hoUQ2Ig6qEPXA3sYuuaHBk29mkEb0AQ5r3Yeoi2i9uz3LKLmrnRHrUK\/fmzNPiFJaxXPVKpQfGCdE0kEm5BCPbK9vfyBOOB3\/7sYIoj0zRw0ujkmi\/fms\/mWUCW\/DAq0p0bR5iVVH+Ngw2uqr6zQEm4XRGnGZFmuu0l0H6YD3Eb1B2UCW9vuErCQHHIww4lSfamNKn\/MNTatiSE9AEGAXFnsatbLq1Z5io9Y\/TdYF6+t1UHJOwZwD7b9V9i+mtPfgQLl8NiU2j0hMADfqqZO+d6StX4ZPzcJzKEOTgyaK0nvBKJhkOP0NgYPHYSdDxApEbupq0dKHpaNbacM2uKwu504erdoidcewH\/7L7YuIPeHxN8B2CxpNmSaolF2ih\/soS48V5\/y2G2vsTf20WLKhZOVAc2HAwSJWppTXIXZ2ymaI2ccqmtA+Jj1Sh\/aySJmCNJgQRb+Tcb4UAIe2s7Ss0ohk8dIJaV1VTOiYqi2PO\/cmF2fbWjn7YCBHVONNgmgwVurzrLR\/7LKD6+RtyeBaiIiRznG7koq5+WUC4s4lIhOAXYNXcFJlGpDczzjCsWhAucM29DaONa7p6yAmBSnUB\/yr6Ovdz\/0qrxF0A2mKqF9Fr8wa1k2+IVlWXdO5M8MrkylBlafgM+pBrC++fqAsB5Z8ntzGyEEAIhIguvUc7eEMfLb8ompiZN0LG\/UQFL8Hdeydye8KizDxkDbrTMl+gvHDUgxrwrHaNEfQLZEE9yOxjouCuzqHoOHaNLdHXriALPdgO8PgZg52Nl0rFNULXT9vXKUz77IS3AzkI0jn3jD4IUvZGga3YFZwaH\/U061fPLL4j+BBr50LUISnA80AXu8pkPA+ItEniZjyvqJbWwUiGDKodjVfcrlS0rEunQNIk1gZJIvR9OfRy2oQ+VN6aSshdDXKDEBImK+wljVdTA53XPi5\/MccimOI9bmxkLRSSaFifU8SwSGq79LgaobQpMdKTgkyZj4oryYIvGYLwbOQOlxuysPSmzwLQSgG62CyC9PDl93WjiS04EZ2I8t0QapYhEHiYvaC6XnL5vFE61pGN6LvAF
h8VjcHdTgX+xBxR7SDTPMEMIjTHgXfKH7wy5Cg3nULpAYX6cJGMwlbrjXj8yi+MUAjhinxtvIPi08w3jd2aoqmwKJ16S\/lRU2isekmVfixMPHHoKAkMAhFQvyUcTC5r0kOs5hmQ=="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644251732819,"flow_last_seen":1644251732819,"flow_idle_time":200000,"flow_min_l4_payload_len":1243,"flow_max_l4_payload_len":1243,"flow_tot_l4_payload_len":1243,"flow_avg_l4_payload_len":1243,"midstream":0,"thread_ts_msec":1644251732819,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"121.152.255.238","src_port":443,"dst_port":8460,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732819,"flow_last_seen":1644251732819,"flow_idle_time":200000,"flow_min_l4_payload_len":1243,"flow_max_l4_payload_len":1243,"flow_tot_l4_payload_len":1243,"midstream":0,"thread_ts_msec":1644251732819,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"121.152.255.238","src_port":443,"dst_port":8460,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1644251732824,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1644251732824,"pkt":"AAAAAAAAAA0A4CzfCABFAADqm5gAAPMRYiqH1zjGfEmMWQG77wUA1gTeF\/79AAEAAAAMHEgAwbJE\/pYaT4jqSUPNYrxJL8Codo+NI1ON15wpo0UXGwutN5NqnUCtT4dyFWAwgXODy+FvALQSrXC5ZUWgnBdE5XT3NYf0YexgHZ5a2Idl8QW41Rj7Lf2MjzpVZcdBplQYlFQw8nR6sXhVOTnwn+aZxjvNjegLOT\/kssRbnCbEZBdFElSPioELBFUc51QWw1KkVU7sCAsrnomfJlGQXKgbAgDCxy96WQjMbwdI0DC9j1PjopVLRsWpCdrq61oMc+AXpbs="}
00991{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1644251732837,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":444,"pkt_l4_len":410,"thread_ts_msec":1644251732837,"pkt":"AAAAAAAAAA0A4CzfCABFAAGul4wAAPMRZXKH1zjGfEmMWQG77wUBmmGkF\/79AAEAAAAMHEsBhbJE\/pYaT4jtxwUFArtWMM0UapEkJqGElOoBLeIEH2dap\/HHoRfD+WZCZVeWcfs89omPS71pdPjHruF4M8hY0GDqFGaq4hwXSFhdKzQYz9O+XrC2R3kLNO+7d9ahfIZgOf3IzVC3go+4VnJWVPbutZawFrPDHu4OI2DkufkbgN2w2MdfyHY7tFIv3sv9Yec+tmHqp+TfY\/7K48nV\/SpID+BxX8vM1sjsa38xKBOp231zDMTPzXJ6BXVnEv38pt+e6QYodnl8j0\/\/iNXd\/0ygBx2Gbs+PMnBPhRl6mKflFEu+Rd1rHxB+cdW9TD5Zu0JuceAevKUzl8EhV8zP0uj8u2txE2Wy+x7Ur2Sf3iDsNtMEnmSFOBlZ4L0kTTNdryI+9vkWxgqkIpD+tTHrsbvnuosn8rINm4EEiwmOHxT5Txkfi0nQj3KhwBB\/CrnZUgKygw4AqCnOteFXYUOpGWPiW3ph5GOerUZvQJGtAXvFm9GNRbBLrfJbU+1TGc+0prjKcuXwKJXs"}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644251732859,"flow_last_seen":1644251732859,"flow_idle_time":200000,"flow_min_l4_payload_len":1453,"flow_max_l4_payload_len":1453,"flow_tot_l4_payload_len":1453,"flow_avg_l4_payload_len":1453,"midstream":0,"thread_ts_msec":1644251732859,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"72.102.179.218","src_port":443,"dst_port":62811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732859,"flow_last_seen":1644251732859,"flow_idle_time":200000,"flow_min_l4_payload_len":1453,"flow_max_l4_payload_len":1453,"flow_tot_l4_payload_len":1453,"midstream":0,"thread_ts_msec":1644251732859,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"72.102.179.218","src_port":443,"dst_port":62811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02423{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1644251732859,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1495,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1495,"pkt_l4_len":1461,"thread_ts_msec":1644251732859,"pkt":"AAAAAAAAAAwAL85GCABFAAXJjqAAAD8R1tSql2nXSGaz2gG79VsFtfY\/F\/79AAEAAAAB\/fEFoF3h0hdGzu1TA0QyQd7pCFDSC3afBB7oBt63isvB1x36GJE6p5uYZLqeMCF8Kq0L9np57tsKxCxlUs+HEPNPgjqe\/5xfHnAfj07cLfClN5VTtTUB5qb\/Uzgw\/vvP21xao12ZqooD5yTV1LTW6vA7if2PeOLOISFIxtnk7K2YvqcYKSdlvHG6yR+nEkUYbU6TN2Si0w3F\/bXRIVZn\/utSvUrMMpJQJGoyc7+0D7gvTiD9elmM37eoGxMYN55aok\/Rqv5EzI9hLqHql4oyLrfR42TDTlKAkRrc8o4qI6IJa2LOra10lxuvJr\/k1kRymQi6OxdIBknFY9dxgj5ObzX8O8pZOayh3UP4Vz2Jf9AKuKYkDQt849LLzHcrz0KblbvSBh2+N16WkmUh4djf9UB8Gz1JDPiAayjCAJw5hmhil7+YLZ296spISGAB5r+u2tjzsifTOVhY7bN2UxxQL0fIlvoaWY\/y9\/ZCMN\/+nJC7y\/XaroqRUKCqLjMYIujedrY1z0fJdM0JfAxaURRtxuDg6RFwNJnO9cLRQvh2RBzs\/gEowITgrTOESBsB55ioZA+Tux2j7WJNEhcOrgqTxI1bbJVWgffituxrnfBek0e9qluQHI\/txOueYvkNqy+HmJuv6W9AqBW3FLdr3Vvac5XD4DcALe3OScCVumc+FhPk75xVgGSkCoI4G0TrOiDufPdLg8z2pt3BUcoLG3IOtO+HLK7pOSMmXHAtxLVvAmBgQRWFG2JQmfDm8onH1OYL8Iltb4x64j6qzL6hMWdqlw+a\/02Thb3V8PyMIouKtfvvmtMlyz08F\/FoFzYRF\/35lnpkyu7ILHtXf1gpl0BZFCjkiCrF80wOmxr34kk1Gh1nYmpvmR2c1gELo7egBTM4KmQu9zFJfddi1h5O5opVp2pZuvj7z0f+FQazcpP4K9W13C5doxhwqXYYRZUtt4pqSg7VuALKfHsI\/K4Nx5Pzjd8Iq83sBzE+Sij3K\/EOkb5S9OiJ5d4w\/8wChDtFtsZpbRqkgwtGZ4TnrZnmSWbnnYYmGLqkMVmQuWU3rujzIrOQB3K0aG7ROps9lH7HqkjO+xYl5kdVzAGlgBs4BUa5byQ9qr7+gASs2al+BeQGeNCk2lpX2dqMAWnlf9SFESF2PJ\/+D6wtsuLQNHWW98GDiQpZzl+TQEPv6M1IetlQnSEOrzTPvlVQ0qow\/isWdiWwy8jpT8kNltVS+TkyWuH33iJfs3osf1kc5j7VlJaSBFpBjStPiqCDgKjsbq+6tvZLCOrEhWktxUlyr4aS9FORJj6ifTHGiv9WaymbCyoyXZJIFaxmPOAb7c5uS\/0cFN3bjuM3H7QT7GWZlj6gyPR9zg4bGxlM97TWOC4d3ARcYsEBlv8VHv18CdgJohP47cPxOB9a+opIrMkOrhFGrrK44v+vTKioNn1c8+f9NCG8Fbxr5tdxL7fxVfgjuqbXOIBakcJUzdLWRNsAzRKgrPtIANoM9cxCLHkQD90heWs8
wEJNR32F2du7L9Qj1wLSY255H+1dRBEN8sdZF3daSWc6HVfsiBsrKqYjNzYxgRW9EdxQnKRaUyEHb86zwYV+sCsCdtwBsST+orAadvLP+wODDjxGrp9hm5xmQsK0\/f+1q95HNtla\/h6LX2PUKlV9s\/xr32qoZMz5UYCZspfSbz\/g8qULof8RlfM8mCMFFROIBVYtfH3DfZvErVwl5dv6Ws2OhC7zPqb2i5xtt3COdOQq\/9wpconfg6RsNV4FfxrLV9+c1vSJ4BpssIk13lXRoHchuE7VyZo0yumolNBEM51qkcDI6ZUDyZOm4xRNlKZ4zHbJKFbfP6fXjB+0\/\/eyWSigKAUOj3m6IU\/DBl7etveDbav3int0J2aVp9BTKqRhvW7r4DdpbGP0lgAopZGSAdRjWrFa\/w=="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644251732859,"flow_last_seen":1644251732859,"flow_idle_time":200000,"flow_min_l4_payload_len":1453,"flow_max_l4_payload_len":1453,"flow_tot_l4_payload_len":1453,"flow_avg_l4_payload_len":1453,"midstream":0,"thread_ts_msec":1644251732859,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"72.102.179.218","src_port":443,"dst_port":62811,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732859,"flow_last_seen":1644251732859,"flow_idle_time":200000,"flow_min_l4_payload_len":1453,"flow_max_l4_payload_len":1453,"flow_tot_l4_payload_len":1453,"midstream":0,"thread_ts_msec":1644251732859,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"72.102.179.218","src_port":443,"dst_port":62811,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1644251732895,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_msec":1644251732895,"pkt":"AAAAAAAAAA0A4CzfCABFAAB5eiMAAHURPVt5mP\/uqpdp1yEMAbsAZRo2F\/79AAEAAAAMhRMAUKWzGmfeg9vDd7\/B3T+kirAR7zq6Tf8oB5f1Qe4Uo6LIUlneZEoesMiQtJMzhmqS3RqJKvvRB2aCGmdCfvmL62icrVJNR6\/VZ+07XbOviqwQ"}
00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1644251732899,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1644251732899,"pkt":"AAAAAAAAAA0A4CzfCABFAAEXWbEAAHsR1HVIZrPaqpdp1\/VbAbsBA4vCF\/79AAEAAAABzVAA7sDAOt7ZNYadwFH6SHccSVCdGOeDS5VAVNAWpaw7BhQgb+1bCi82Zlyb4VWcAVH\/n1elQ7THJB3xDUKy4xtskzMRGshyDl5w6kBiV+\/uymBxK+YhMTQUTq1HeBxB7zUOp+X+xuu7HM616iGjTAfQnnvrYWz\/HmxBxjmowsnmxGXDMK7PSSumdsoeyWUI738iBD4CXuuT0D1mQ3mFUW6\/Pk13ysfBe5VqGzIqxDG7bUTMvbDlBM25yv2N52iEk51XTxj0yy9gjACGD6yvi0albjjmw6qqv2ayTvP7YsK8J5EjIW\/WNb6g+p99LqUDPkA="}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1644251732904,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_msec":1644251732904,"pkt":"AAAAAAAAAAwAL85GCABFAAB5j\/YAAD8RXYiql2nXeZj\/7gG7IQwAZQo0F\/79AAEAAAAOADoAUJBZfrcT0WI3vKOvm48zQRKNwV9xk31D25d9i4LGPOZLsa\/MxEM\/iT8j5X2NeXzZcl7g81+pOvAYTMQ6CMg7uw6mEidESPz\/p+RCZ0ysmpq9"}
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1644251733036,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1644251733036,"pkt":"AAAAAAAAAAwAL85GCABFAACskrIAAD8R19+ql2nXSGaz2gG79VsAmK\/7F\/79AAEAAAAB\/fQAg13h0hdGzu1WNO2vU\/IbgHdYF0RFMS34pXUQgZKyQWeJANVsXGZq+9MFiIsKjl3D7HT8luq5HJMe4S4Zb3zMPZ6zO4gT5DOoVt7Is6ObHtcjGB0kUDwHIjrh3nhApNylKNWwtoR5rdprjwF7EWz\/b9mEcMLFaMAE3VniOUA3LqrIzirj"}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1644251732795,"flow_last_seen":1644251733063,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":1339,"flow_tot_l4_payload_len":7981,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1644251736135,"l3_proto":"ip4","src_ip":"135.215.56.198","dst_ip":"124.73.140.89","src_port":443,"dst_port":61189,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1644251732819,"flow_last_seen":1644251733371,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":1453,"flow_tot_l4_payload_len":17146,"flow_avg_l4_payload_len":571,"midstream":0,"thread_ts_msec":1644251736135,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"121.152.255.238","src_port":443,"dst_port":8460,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1644251732783,"flow_last_seen":1644251732783,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1644251736135,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1644251732859,"flow_last_seen":1644251736135,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":1453,"flow_tot_l4_payload_len":8826,"flow_avg_l4_payload_len":294,"midstream":0,"thread_ts_msec":1644251736135,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"72.102.179.218","src_port":443,"dst_port":62811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1644251732795,"flow_last_seen":1644251733063,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":1339,"flow_tot_l4_payload_len":7981,"midstream":0,"thread_ts_msec":1644251736135,"l3_proto":"ip4","src_ip":"135.215.56.198","dst_ip":"124.73.140.89","src_port":443,"dst_port":61189,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1644251732819,"flow_last_seen":1644251733371,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":1453,"flow_tot_l4_payload_len":17146,"midstream":0,"thread_ts_msec":1644251736135,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"121.152.255.238","src_port":443,"dst_port":8460,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732783,"flow_last_seen":1644251732783,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"midstream":0,"thread_ts_msec":1644251736135,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1644251732859,"flow_last_seen":1644251736135,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":1453,"flow_tot_l4_payload_len":8826,"midstream":0,"thread_ts_msec":1644251736135,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"72.102.179.218","src_port":443,"dst_port":62811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":91,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","packets-captured":91,"packets-processed":91,"total-skipped-flows":0,"total-l4-payload-len":34046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_msec":1644251736135}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 91/91
@@ -31,8 +31,8 @@
~~ total active/idle flows...: 4/4
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6008896 bytes
~~ total memory freed........: 6008896 bytes
~~ total memory allocated....: 6008928 bytes
~~ total memory freed........: 6008928 bytes
~~ total allocations/frees...: 120979/120979
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 475 chars


@@ -1,12 +1,12 @@
00469{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_old_version.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls_old_version.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1592388130600}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388130600,"flow_last_seen":1592388130600,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1592388130600,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388130600,"flow_last_seen":1592388130600,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"midstream":0,"thread_ts_msec":1592388130600,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388130600,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1592388130600,"pkt":"AAAAAAAAAAYArvxgCABFAAB\/OTwAAH8Ri0ElvARzRkIGgNyFAbsAaxY5FgEAAAAAAAAAAAAAVgEAAEoAAAAAAAAASgEAXunqImL3nzdrUBZ\/BhfTQm46UvY\/Zrav40oHNoY96qUgA8IpvhXWIFFe7w7KCq\/byTjgCP7o8hqBpXIG\/Tdba9gAAAIANQEA"}
00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388130600,"flow_last_seen":1592388130600,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1592388130600,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388130600,"flow_last_seen":1592388130600,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"midstream":0,"thread_ts_msec":1592388130600,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592388131604,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1592388131604,"pkt":"AAAAAAAAAAYArvxgCABFAAB\/OUAAAH8Riz0lvARzRkIGgNyFAbsAaxY5FgEAAAAAAAAAAAAAVgEAAEoAAAAAAAAASgEAXunqImL3nzdrUBZ\/BhfTQm46UvY\/Zrav40oHNoY96qUgA8IpvhXWIFFe7w7KCq\/byTjgCP7o8hqBpXIG\/Tdba9gAAAIANQEA"}
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592388131689,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1592388131689,"pkt":"AAAAAAAAAAYArvxgCABFAABM6u4AAPIRZsFGQgaAJbwEcwG73IUAOKixFgEAAAAAAAAAAAAAIwMAABcAAAAAAAAAFwEAFJQvJfDCZcKI8kzWgOcHI1Oo1d90"}
00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592388130600,"flow_last_seen":1592388137817,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":700,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1592388137817,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592388130600,"flow_last_seen":1592388137817,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":700,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1592388137817,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1592388130600,"flow_last_seen":1592388137817,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":700,"midstream":0,"thread_ts_msec":1592388137817,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1592388130600,"flow_last_seen":1592388137817,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":700,"midstream":0,"thread_ts_msec":1592388137817,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"dtls_old_version.pcapng","alias":"nDPId-test","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1592388137817}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 7/7
@@ -16,10 +16,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003327 bytes
~~ total memory freed........: 6003327 bytes
~~ total memory allocated....: 6003335 bytes
~~ total memory freed........: 6003335 bytes
~~ total allocations/frees...: 120885/120885
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 474 chars
~~ json string max len.......: 886 chars
~~ json string avg len.......: 670 chars
~~ json string max len.......: 891 chars
~~ json string avg len.......: 672 chars


@@ -1,12 +1,12 @@
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00572{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1592388499775}
00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388499775,"flow_last_seen":1592388499775,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1592388499775,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388499775,"flow_last_seen":1592388499775,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"midstream":0,"thread_ts_msec":1592388499775,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388499775,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1592388499775,"pkt":"AAAAAAAAAAEAvpsKCABFAAB\/T3sAAH8RdtO5xHHv33Rp98RRrZsAazO3Fv79AAAAAAAAAAAAVgEAAEoAAAAAAAAASv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4AAALALAEA"}
01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388499775,"flow_last_seen":1592388499775,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1592388499775,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388499775,"flow_last_seen":1592388499775,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"midstream":0,"thread_ts_msec":1592388499775,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592388499786,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1592388499786,"pkt":"AAAAAAAAAAcAwedSCABFAABMjnQAAPMRxAzfdGn3ucRx762bxFEAOGNSFv7\/AAAAAAAAAAAAIwMAABcAAAAAAAAAF\/7\/FBwO\/CFwEASeBoBTHTZO4F6qQqae"}
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592388499813,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_msec":1592388499813,"pkt":"AAAAAAAAAAEAvpsKCABFAACTT3wAAH8Rdr65xHHv33Rp98RRrZsAf9dAFv79AAAAAAAAAAEAagEAAF4AAQAAAAAAXv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4UHA78IXAQBJ4GgFMdNk7gXqpCpp4AAsAsAQA="}
01134{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1592388499833,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"a1d48eca741e476d8ee735578a26bdbd","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1592388499833,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
01139{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"midstream":0,"thread_ts_msec":1592388499833,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"a1d48eca741e476d8ee735578a26bdbd","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"midstream":0,"thread_ts_msec":1592388499833,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
00577{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1592388499833}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 4/4
@@ -16,10 +16,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6003201 bytes
~~ total memory freed........: 6003201 bytes
~~ total memory allocated....: 6003209 bytes
~~ total memory freed........: 6003209 bytes
~~ total allocations/frees...: 120881/120881
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 488 chars
~~ json string max len.......: 1139 chars
~~ json string avg len.......: 805 chars
~~ json string max len.......: 1144 chars
~~ json string avg len.......: 808 chars


@@ -1,48 +1,48 @@
00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"emotet.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"emotet.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1645830066121}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645830066121,"flow_last_seen":1645830066121,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1645830066121,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645830066121,"flow_last_seen":1645830066121,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1645830066121,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1645830066121,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1645830066121,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0wBJAAIAGPvkKAhlmwfwWVN\/dAkvNIWS2AAAAAIAC+vBkZgAAAgQFtAEDAwgBAQQC"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1645830066871,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1645830066871,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsxzIAAIAGd+HB\/BZUCgIZZgJL392K6SffzSFkt2AS+vDaogAAAgQFtA=="}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1645830066871,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1645830066871,"pkt":"IOUqtpPxAAgCHEeuCABFAAAowBNAAIAGPwQKAhlmwfwWVN\/dAkvNIWS3iukn4FAQ+vDyXwAA"}
00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1645830066121,"flow_last_seen":1645830068348,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1645830068348,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}}
00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1645830066121,"flow_last_seen":1645830068348,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":235,"midstream":0,"thread_ts_msec":1645830068348,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}}
00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":627,"source":"emotet.pcap","alias":"nDPId-test","packets-captured":627,"packets-processed":626,"total-skipped-flows":0,"total-l4-payload-len":404645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1648563468993}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648563468993,"flow_last_seen":1648563468993,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648563468993,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648563468993,"flow_last_seen":1648563468993,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648563468993,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1648563468993,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1648563468993,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0EddAAIAG2c0KAx1laKF\/Ftv1AFBvd7IvAAAAAIAC+vBnEwAAAgQFtAEDAwgBAQQC"}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1648563469109,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1648563469109,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsoCoAAIAGi4JooX8WCgMdZQBQ2\/UuAEklb3eyMGAS+vAY8wAAAgQFtA=="}
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1648563469109,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1648563469109,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoEdhAAIAG2dgKAx1laKF\/Ftv1AFBvd7IwLgBJJlAQ+vAwsAAA"}
00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648563468993,"flow_last_seen":1648563469109,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1648563469109,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"fkl.co.ke","url":"fkl.co.ke\/wp-content\/Elw3kPvOsZxM5\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/99.0.4844.74 Safari\/537.36 Edg\/99.0.1150.55"}}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":831,"source":"emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":626,"flow_first_seen":1645830066121,"flow_last_seen":1645830085160,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":404645,"flow_avg_l4_payload_len":646,"midstream":0,"thread_ts_msec":1648563473087,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"}}
00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648563468993,"flow_last_seen":1648563469109,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"midstream":0,"thread_ts_msec":1648563469109,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"fkl.co.ke","url":"fkl.co.ke\/wp-content\/Elw3kPvOsZxM5\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/99.0.4844.74 Safari\/537.36 Edg\/99.0.1150.55"}}
00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":831,"source":"emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":303,"flow_dst_packets_processed":323,"flow_first_seen":1645830066121,"flow_last_seen":1645830085160,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":404645,"midstream":0,"thread_ts_msec":1648563473087,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"}}
00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":835,"source":"emotet.pcap","alias":"nDPId-test","packets-captured":835,"packets-processed":834,"total-skipped-flows":0,"total-l4-payload-len":582320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1650490398530}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":835,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1650490398530,"flow_last_seen":1650490398530,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1650490398530,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":835,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650490398530,"flow_last_seen":1650490398530,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1650490398530,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1650490398530,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650490398530,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0\/mJAAIAGv4MKBBRma6Gy0tQvAFBRzVZmAAAAAIAC\/\/+1fwAAAgQFtAEDAwgBAQQC"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1650490398627,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1650490398627,"pkt":"AAgCHEeuIOUqtpPxCABFAAAwAABAADIGC+trobLSCgQUZgBQ1C8M9mn7Uc1WZ3ASchDhvAAAAgQFbAEDAwc="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1650490398628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1650490398628,"pkt":"IOUqtpPxAAgCHEeuCABFAAAo\/mNAAIAGv44KBBRma6Gy0tQvAFBRzVZnDPZp\/FAQBAB7UAAAAAAAAAAA"}
00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":838,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650490398530,"flow_last_seen":1650490398628,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":225,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1650490398628,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"gandhitoday.org","url":"gandhitoday.org\/video\/6JvA8\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; Trident\/7.0; rv:11.0) like Gecko"}}
00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":839,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1650490398530,"flow_last_seen":1650490398888,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1650490398888,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"gandhitoday.org","url":"gandhitoday.org\/video\/6JvA8\/","code":200,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; Trident\/7.0; rv:11.0) like Gecko"}}
00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1664,"source":"emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":208,"flow_first_seen":1648563468993,"flow_last_seen":1648563480808,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1361,"flow_tot_l4_payload_len":177675,"flow_avg_l4_payload_len":854,"midstream":0,"thread_ts_msec":1650490407650,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00840{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":838,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650490398530,"flow_last_seen":1650490398628,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":225,"flow_tot_l4_payload_len":225,"midstream":0,"thread_ts_msec":1650490398628,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"gandhitoday.org","url":"gandhitoday.org\/video\/6JvA8\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; Trident\/7.0; rv:11.0) like Gecko"}}
00976{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":839,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1650490398530,"flow_last_seen":1650490398888,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1613,"midstream":0,"thread_ts_msec":1650490398888,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"gandhitoday.org","url":"gandhitoday.org\/video\/6JvA8\/","code":200,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; Trident\/7.0; rv:11.0) like Gecko"}}
00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1664,"source":"emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":72,"flow_dst_packets_processed":136,"flow_first_seen":1648563468993,"flow_last_seen":1648563480808,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1361,"flow_tot_l4_payload_len":177675,"midstream":0,"thread_ts_msec":1650490407650,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1664,"source":"emotet.pcap","alias":"nDPId-test","packets-captured":1664,"packets-processed":1663,"total-skipped-flows":0,"total-l4-payload-len":1352571,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1650905413858}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1650905413858,"flow_last_seen":1650905413858,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1650905413858,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650905413858,"flow_last_seen":1650905413858,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1650905413858,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1650905413858,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650905413858,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0LKVAAIAGOLEKBBllTWkknMKFAFDxFWwgAAAAAIAC+vC+pQAAAgQFtAEDAwgBAQQC"}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1665,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1650905414042,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650905414042,"pkt":"AAgCHEeuIOUqtpPxCABFAAA0AABAADEGtFZNaSScCgQZZQBQwoUpbDcH8RVsIYASOQggUwAAAgQFbAEBBAIBAwMH"}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1666,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1650905414043,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1650905414043,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoLKZAAIAGOLwKBBllTWkknMKFAFDxFWwhKWw3CFAQAgOX4gAAAAAAAAAA"}
00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1667,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650905413858,"flow_last_seen":1650905414043,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1650905414043,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"filmmogzivota.rs","url":"filmmogzivota.rs\/SpryAssets\/gDR\/","code":0,"content_type":"","user_agent":"vBKbaQgjyvRRbcgfvlsc"}}
01062{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1669,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1650905413858,"flow_last_seen":1650905414335,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":572,"flow_tot_l4_payload_len":724,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1650905414335,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"filmmogzivota.rs","url":"filmmogzivota.rs\/SpryAssets\/gDR\/","code":200,"content_type":"application\/x-msdownload","user_agent":"vBKbaQgjyvRRbcgfvlsc"}}
00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2228,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":829,"flow_first_seen":1650490398530,"flow_last_seen":1650490407650,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":770251,"flow_avg_l4_payload_len":929,"midstream":0,"thread_ts_msec":1650905415845,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2228,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1650905467542,"flow_last_seen":1650905467542,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1650905467542,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1667,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650905413858,"flow_last_seen":1650905414043,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"midstream":0,"thread_ts_msec":1650905414043,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"filmmogzivota.rs","url":"filmmogzivota.rs\/SpryAssets\/gDR\/","code":0,"content_type":"","user_agent":"vBKbaQgjyvRRbcgfvlsc"}}
01067{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1669,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1650905413858,"flow_last_seen":1650905414335,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":572,"flow_tot_l4_payload_len":724,"midstream":0,"thread_ts_msec":1650905414335,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"filmmogzivota.rs","url":"filmmogzivota.rs\/SpryAssets\/gDR\/","code":200,"content_type":"application\/x-msdownload","user_agent":"vBKbaQgjyvRRbcgfvlsc"}}
00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2228,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":272,"flow_dst_packets_processed":557,"flow_first_seen":1650490398530,"flow_last_seen":1650490407650,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":770251,"midstream":0,"thread_ts_msec":1650905415845,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2228,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650905467542,"flow_last_seen":1650905467542,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1650905467542,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2228,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1650905467542,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650905467542,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0C55AAIAGrZIKBBllisWTZcKLAbv3Q1KhAAAAAIAC\/\/8fUQAAAgQFtAEDAwgBAQQC"}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2229,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1650905467652,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650905467652,"pkt":"AAgCHEeuIOUqtpPxCABFAAA0AABAADAGCTGKxZNlCgQZZQG7wotH+MA690NSooAS+vAcZQAAAgQFbAEBBAIBAwMH"}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2230,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1650905467652,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1650905467652,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoC59AAIAGrZ0KBBllisWTZcKLAbv3Q1KiR\/jAO1AQBABT4AAAAAAAAAAA"}
01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2231,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650905467542,"flow_last_seen":1650905467666,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1650905467666,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01468{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2233,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1650905467542,"flow_last_seen":1650905467789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1378,"flow_tot_l4_payload_len":1527,"flow_avg_l4_payload_len":254,"midstream":0,"thread_ts_msec":1650905467789,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"ec74a5c51106f0419184d0dd08fb05bc","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com","subjectDN":"C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com","fingerprint":"43:A2:39:73:AC:4D:2C:15:7B:D6:4E:32:EA:22:11:B7:97:65:1A:93"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2359,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1650905469778,"flow_last_seen":1650905469778,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1650905469778,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2231,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650905467542,"flow_last_seen":1650905467666,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":0,"thread_ts_msec":1650905467666,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01473{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2233,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1650905467542,"flow_last_seen":1650905467789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1378,"flow_tot_l4_payload_len":1527,"midstream":0,"thread_ts_msec":1650905467789,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"ec74a5c51106f0419184d0dd08fb05bc","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com","subjectDN":"C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com","fingerprint":"43:A2:39:73:AC:4D:2C:15:7B:D6:4E:32:EA:22:11:B7:97:65:1A:93"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2359,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650905469778,"flow_last_seen":1650905469778,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1650905469778,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2359,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1650905469778,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650905469778,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0C9hAAIAGrVgKBBllisWTZcKMAbv+vEuFAAAAAIAC\/\/8e8wAAAgQFtAEDAwgBAQQC"}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2360,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1650905469855,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650905469855,"pkt":"AAgCHEeuIOUqtpPxCABFAAA0AABAADAGCTGKxZNlCgQZZQG7woy1bvT7\/rxLhoAS+vB5zwAAAgQFbAEBBAIBAwMH"}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2361,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1650905469855,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1650905469855,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoC9lAAIAGrWMKBBllisWTZcKMAbv+vEuGtW70\/FAQBACxSgAAAAAAAAAA"}
01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2362,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650905469778,"flow_last_seen":1650905469856,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":325,"flow_tot_l4_payload_len":325,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1650905469856,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01100{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2364,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1650905469778,"flow_last_seen":1650905469964,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":325,"flow_tot_l4_payload_len":434,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1650905469964,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
00924{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2380,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":564,"flow_first_seen":1650905413858,"flow_last_seen":1650905415845,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":544468,"flow_avg_l4_payload_len":965,"midstream":0,"thread_ts_msec":1650905518385,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
01027{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2380,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":136,"flow_first_seen":1650905467542,"flow_last_seen":1650905495928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":96457,"flow_avg_l4_payload_len":709,"midstream":0,"thread_ts_msec":1650905518385,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00920{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2380,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1650905469778,"flow_last_seen":1650905518385,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":660,"flow_tot_l4_payload_len":1729,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1650905518385,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2362,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650905469778,"flow_last_seen":1650905469856,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":325,"flow_tot_l4_payload_len":325,"midstream":0,"thread_ts_msec":1650905469856,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01106{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2364,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1650905469778,"flow_last_seen":1650905469964,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":325,"flow_tot_l4_payload_len":434,"midstream":0,"thread_ts_msec":1650905469964,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
00931{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2380,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":169,"flow_dst_packets_processed":395,"flow_first_seen":1650905413858,"flow_last_seen":1650905415845,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":544468,"midstream":0,"thread_ts_msec":1650905518385,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
01032{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2380,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":61,"flow_dst_packets_processed":75,"flow_first_seen":1650905467542,"flow_last_seen":1650905495928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":96457,"midstream":0,"thread_ts_msec":1650905518385,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00925{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2380,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1650905469778,"flow_last_seen":1650905518385,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":660,"flow_tot_l4_payload_len":1729,"midstream":0,"thread_ts_msec":1650905518385,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2380,"source":"emotet.pcap","alias":"nDPId-test","packets-captured":2380,"packets-processed":2380,"total-skipped-flows":0,"total-l4-payload-len":1995225,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_msec":1650905518385}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2380/2380
@@ -52,10 +52,10 @@
~~ total active/idle flows...: 6/6
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6084247 bytes
~~ total memory freed........: 6084247 bytes
~~ total memory allocated....: 6084295 bytes
~~ total memory freed........: 6084295 bytes
~~ total allocations/frees...: 123297/123297
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 453 chars
~~ json string max len.......: 1473 chars
~~ json string avg len.......: 962 chars
~~ json string max len.......: 1478 chars
~~ json string avg len.......: 964 chars


@@ -1,17 +1,17 @@
00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"encrypted_sni.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1590680386576}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590680386576,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680386576,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="}
00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1590680387847,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680387847,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGkJDAqAEMaBB9r8LfAbu98X4VZuCG7lAYIACqfgAAFgMBAscBAALDAwPZvt6xqK7JiSO2eRBioUk2Uu867QdPWpn6Sv4hYS472iAz8c+AKNafKEsBeorsjdYMXk2HdHvKJL23Af8gga\/qxAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg0HCVKAanlLS9J1B8hdchDfkoKDxcPc3B5hBZYsZWdz8AFwBBBCakAur\/e3rF+tGl0au7NOTY4DQpBg\/YjV6ew74w8otvaCGiCdoeWGhEGjsldqwZrBxN3o59i8BSdRX+YPQ+GgkAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAFyK2kXV21yqtAW2T62b\/NDTnJgxOrhECle3qcjynhZQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJLkAAE456EuY9a6HsKAg7En+2G8rSItqsoven5V2IfJ3Q2bekOZcTKgIZokRYkaF7ExtxsFhqXy+gigbwIQnaXqjvmpA5fAKz4tj4ykxew5OhWQtUKuHkOYZfaYtn1syOdzFlDd5f+dopSDJ1HH+q6E3XfYeSjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtw\/pm8l4GeHZCKXzswlPS\/Jet6JKlP28PhB6QjuLs0HyKQD3u9h3gOMLbs85P+uPv\/61THn6BnP+Gq0XsiHUv\/ZFCqDNSvUTBmtmCAtgIUfzrLcUWkNsVonaILrLi\/m6vYUQElVuyPe7nXS\/qvJdz0NipXdWB8POXCwp8YOWkAHAACQAE="}
00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1590680391590,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680391590,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJM1prHJ\/+qDqcKEqpG5xU365kjS5loGMkTxyoKwRhL+l3TthfgE+TKCSsunPt4vNjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZEc70MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuTKEqAk5KVlL4AHAACQAE="}
00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1590680391590}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 3/3
@@ -21,8 +21,8 @@
~~ total active/idle flows...: 3/3
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6013309 bytes
~~ total memory freed........: 6013309 bytes
~~ total memory allocated....: 6013333 bytes
~~ total memory freed........: 6013333 bytes
~~ total allocations/frees...: 120899/120899
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 469 chars


@@ -1,16 +1,16 @@
00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"esp.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"esp.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1587340723655}
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587340723655,"flow_last_seen":1587340723655,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587340723655,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587340723655,"flow_last_seen":1587340723655,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587340723655,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1587340723655,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_msec":1587340723655,"pkt":"qrvMAAMQqrvMAAIQCABFwAGCAN8AAP8RncEKAgMCCgMEBAH0AfQBbm9jBawPTRIgE\/QAAAAAAAAAACEgIggAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAADDsDka\/duvsZYQytelWlC6NzARHfxQ9jT\/JU2Un7NCQA+jXJ08WlF7e\/NDuPTB526R8Cb4Zuk\/QhNNiyysAyBZ0W7cfOpAFmMETkjg2lvpSaO0W743zdwZbhwL5xtEDwKwAAJBinv2eNdHZsJ29wVvPTnOU5tMnnhBtj26lK3VUpGlaPKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABE++qlf\/rnDMCHdomXQhhbbCu7VdAAAAHAAAQAWxbxU4srTSjW8apuj3nZ6SyjPUCQ=="}
00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587340723655,"flow_last_seen":1587340723655,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587340723655,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}}
00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587340723655,"flow_last_seen":1587340723655,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587340723655,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}}
00915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1587340723662,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_msec":1587340723662,"pkt":"qrvMAAIQqrvMAAMQCABFwAGCALsAAP4RnuUKAwQECgIDAgH0AfQBbq1OBawPTRIgE\/RfRu5wvExdDSEgIiAAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAAeXKfqwaHkiVcMu+s4hPX5cnikVUBSUWhEvjp8uoOs40Tz5cGWTSvQJV6y1mRBbxFiQyb2IMgnjb1iZi0xKtA\/z0+EIGKekMJYxfmbb\/4xwAcTsSdkiXWBGpDjFPvtwoFKwAAJFV3ojUiOZ96AboWM1NGpIwiUnFn+cWbLdwgiG0miL+8KwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABM9z9pZZgKD+9ZzdamlEsYrKkUeFAAAAHAAAQAW1v1HiklqGfJbwATvaTOUm2F82pg=="}
00903{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1587340723670,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1587340723670,"pkt":"qrvMAAMQqrvMAAIQCABFwAF0AOAAAP8Rnc4KAgMCCgMEBAH0AfQBYJxOBawPTRIgE\/RfRu5wvExdDS4gIwgAAAABAAABWCsAATwo9kmU8gXj0EedKmJNK+VWGrNk6m7d+9Hkki0QPpJ2UQ5K8xYpTzRz1oZI364ZkaSAYAohIEiUwnprO5bmbmb9qIM0+fTiZw1DojFlouyNg03a\/0kz6o8jRJv4PqCaYhITIh\/4NKPCOB9tcYohRiSgu\/5zHv5JvWQ3XksC8IcgVNMiE\/5aFElRFljlmMpjAGXZkK5XnvWJkamx2rhcvcJAij70Uj\/oD\/j\/w0o\/c6VbgHLqoRwpcPmMvxRAwmOQ9oz2xcYWrhIQBi3xWUKWjmz+pxNn90bdNL3SDkdsODmIIBQap7G54zol1jJWQerYPntwLshRMgA0rGIBYYU+04lQqf81IAAxPlDlMj5Hwsr6MJ2wlEyY2dKouxpx9+iHwUGg8fELtW5lR77T\/2mt7GtUUmU2DqAv\/QQ="}
00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587340725658,"flow_last_seen":1587340725658,"flow_idle_time":620000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1587340725658,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"flow_datalink":1,"flow_max_packets":3}
00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587340725658,"flow_last_seen":1587340725658,"flow_idle_time":620000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"midstream":0,"thread_ts_msec":1587340725658,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"flow_datalink":1,"flow_max_packets":3}
00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1587340725658,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1587340725658,"pkt":"qrvMAAMQqrvMAAIQCABFAACYACQAAP8yoAUKAgMCCgMEBCNgsOMAAAABectfgWUl04YUbzWcC+4xd1UOV3SUluMVSc1O+uGKzjlWG3KV9r0S61l07FAMCtvDlpgFzU5YdVATZgur7sMbrkC7o3l\/upPdN3M20ENHGJg7SyVgEI8QrdTAVpl1VXAu7t+SCLVFZwaCQYUWnFFZvKSDZFqF6SACpTMBZA=="}
00586{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587340725658,"flow_last_seen":1587340725658,"flow_idle_time":620000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1587340725658,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}}
00591{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587340725658,"flow_last_seen":1587340725658,"flow_idle_time":620000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"midstream":0,"thread_ts_msec":1587340725658,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}}
00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1587340725659,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1587340725659,"pkt":"qrvMAAIQqrvMAAMQCABFAACYACQAAP4yoQUKAwQECgIDAvAJLLUAAAABLX+WjVQswRpYbFeiaZdQW6eWJsw6BS2eB7OP9\/5eHwi2mYpUZ6G3t755XGwuYLanMk25K6hMBwBSxcZ\/ydNZPrrxBrySAlcBAFV4v6tDTuHpnnv89BSOnoK6gF0SG3nSCAMIxyxKQV4U+ecInNO5d\/EnrgCW7OWI7NuXZg=="}
00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1587340723655,"flow_last_seen":1587340723676,"flow_idle_time":200000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":1356,"flow_avg_l4_payload_len":339,"midstream":0,"thread_ts_msec":1587340725659,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}}
00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587340725658,"flow_last_seen":1587340725659,"flow_idle_time":620000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1587340725659,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}}
00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587340723655,"flow_last_seen":1587340723676,"flow_idle_time":200000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":1356,"midstream":0,"thread_ts_msec":1587340725659,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}}
00630{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587340725658,"flow_last_seen":1587340725659,"flow_idle_time":620000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"midstream":0,"thread_ts_msec":1587340725659,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}}
00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1587340725659}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 6/6
@@ -20,8 +20,8 @@
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6004311 bytes
~~ total memory freed........: 6004311 bytes
~~ total memory allocated....: 6004327 bytes
~~ total memory freed........: 6004327 bytes
~~ total allocations/frees...: 120886/120886
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 461 chars


@@ -1,434 +1,434 @@
00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ethereum.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1578508362274}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508362274,"flow_last_seen":1578508362274,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508362274,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508362274,"flow_last_seen":1578508362274,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508362274,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1578508362274,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508362274,"pkt":"KDc3AG3IEBMx8Tl2CABFAACc0mBAADURe2hXDt4ZwKgBuN11dl8AiEJtHMys6Q29AOp21rwpZSDXERjTbIzhwNph0idC5kCkV\/FDnhOUP\/GMZC9pQ1ikY4tKfgVohRJdDV\/jhdY3JkNQ8nfjTjeSnG7Ixlzbx1L2txMkADCUTD6WfRXFuzz03\/IfAAHdBMuEfwAAAYJ2X4J2X8mETxbOvYLp94CEXhYgXgU="}
00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508362274,"flow_last_seen":1578508362274,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508362274,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508362274,"flow_last_seen":1578508362274,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508362274,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1578508363333,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508363333,"pkt":"KDc3AG3IEBMx8Tl2CABFAADH0wVAADURephXDt4ZwKgBuN11dl8As\/l1jW6o\/uOLsNilE7wPPGgWLrGBgPfvOzwO1DfZyAOcgKFZ114jjOcqSahrn1BNVaBcqPiZ+5Zw3KmlNNeK6areM2YGHfDo3L4DI03KcwYwznBps1b+iFJS+0Kipikc3Gq9AQP4R7hAl090ZgbQhHWBj8BMRwa4LeNB32fKxPZW6UW3BwzH4FX8L40Uh5Yh\/LpdLpgFyY0tX7A7rx7OhPCc704eHlKGuoReFiBf"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508363692,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508363692,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1578508363692,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1578508363692,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdOfxAACwR9O08vyBHwKgBuHZfdl8AicNGfxf10Wb92tmu8P4AYDHc1S9CYBd0hA8u+7bp2exSZpfjoD4stw3HK2zECpnkODZdOg6LxGWvabU8eolUhCpRWxf283jKbdR45yXwcXrtjWJbPi2JRR9Nts4CTYECrpr\/AQHeBcuErBIAAoJ2X4J2X8uETxbOvYLp94J2X4ReFiBe"}
00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508363692,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1578508364272,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508363692,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":0,"thread_ts_msec":1578508364272,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1578508364272,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_msec":1578508364272,"pkt":"KDc3AG3IEBMx8Tl2CABFCACn7eVAACURF08DcIo5wKgBuGOsdl8Ak1lonaJ3QYcb7U0uMgLRKCkYOOmsVBzd6scD1gTgbTNauX3kB3bPaDZ67w0\/6JScqj4YBzeDQtx9d9GUfbwpNwws+A3fj9N5t1f25M57T8Etpo9cRpw0Ipg9vE7GnadXMLBRAAHoBNeQAAAAAAAAAAAAAAAAAAAAAIInD4InD8mETxbOvYLp94CEXhYgYA=="}
00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1578508364272,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":0,"thread_ts_msec":1578508364272,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1578508364382,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364382,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHswoAAEAR05vAqAG4A9EtT3Zfdl8As46jAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1578508364382,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364382,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHegkAAEARY2nAqAG4NOelbHZfdl8As+VvAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1578508364382,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364382,"pkt":"EBMx8Tl2KDc3AG3ICABFAADH\/g8AAEAROunAqAG4EopsQ3Zfdl8As0D2AUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364421,"flow_last_seen":1578508364421,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364421,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364421,"flow_last_seen":1578508364421,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364421,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1578508364421,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364421,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHWYMAAEARj8vAqAG4ImGsFnZfdl8As\/EZ15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364421,"flow_last_seen":1578508364421,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364421,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364422,"flow_last_seen":1578508364422,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364422,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364421,"flow_last_seen":1578508364421,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364421,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364422,"flow_last_seen":1578508364422,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364422,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1578508364422,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508364422,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcLWUAAEAR9WvAqAG4QipS9nZfdl8AiGZvYT14ALKwnMdgMCBzf19RhoDEZwfAnRP1Mz5t1CQfWH9BMW+RtakCpISLcdct0MfsiOdcBIDUccBBbd+y\/K0wDya+KeRA13HRMdUz2NPxyyUESIw4\/BeiGYIdI8USz9rYAAHdBMuEfwAAAYJ2X4J2X8mEQipS9oJ2X4CEXhYgYAU="}
00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364422,"flow_last_seen":1578508364422,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364422,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364422,"flow_last_seen":1578508364422,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364422,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1578508364422,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364422,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHAOAAAEAR3JLAqAG4NOelbHZfdl8As+U915lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
01863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1578508364519,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"thread_ts_msec":1578508364519,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7F1RAAC8RPN4D0S1PwKgBuHZfdl8EJ4PVaVYTvO9LrTk6yni9j9O4lLCx8c3w2iOwFQRksfASVhzN6T8K7lnXRwHY7v3+ONhElGFbYOffjDytd02o206R62nDNZ+LcEa5V5K9KHZQh029ihE8Ury3mI0LZjHE13ZDAAT5A7r5A7L4S4QjtPapgnZdgLhAO5qC1ATimkffsyZlSJIXGVIuxdFsM86E7cqAjFOnv\/8DXNCQHJBVJiDXoCE+xGUbCBkPCreAagxpFk0Kv5X\/6PhNhKUWayGCdl+Cdl+4QFK2HHRAlM9Mj+TxGD7ACVRZHZtB58hxcD+hW2XdmacQwMOkGeflfz3iQaCGa6bw7UpxurZYH9DtQSW8Gn+wiV74TYRZJmMignZfgnZfuEBNXexB6IZur6GByNXF5kqBGoYoINyuPaRzRT\/L\/XeZwo80a\/N6vMBtsgrq2ZF9h4G0sqa47Wg7uKDWSZtY6p\/o+E2EsoDD3IJ2X4J2X7hAE9D206tRuSrRWszd5+5PqyxrzPQHPgJ6M4jR3YAwA4SXyWoQd9UmDUgHBtsrr3UYDBX+DpI9ijrH8jmNKWfim\/hNhKLzoFOCdl+Cdl+4QFcgAb+wxvXRoA\/jZ6pZpvtWMqWRnDTAVCrWET9xUm+STSO+d5OO9wGG7pHu9I5ueUw\/fAd5lu3NtaUH9uwTgQX4TYQSilEcgnZfgnZfuEDrOA+HQ7eWMjwlUeqXlrKvkuj1DTxVelkYAtV5dglpnIhrBZIeo034r7N3OARecEoNp0x6OeeY\/TD1OnJUir9u+E2EMyY8T4J2X4J2X7hAjvDxlr5M7BUzw40ony1SnzUKukEALVTn0B8WrIdd1Y\/HWL6mkTC4nsoMDegX1FF++rFMqjeViKJkeSDvzXh7sPhNhChDkICCdl+Cdl+4QHLmnbcNhaAJxQnuC0km5NBqC0yHT\/O8y7iwbqWb3zIi\/JNBIGOytm1SPyhBCVXEAh08vp59waAp0Fl3XZsLDpX4TYTH56bignZggnZguEAmai5v1neViV7teAsEvO\/IJYfemYLf2+j3ix3twO4cHaO8DDPa+4MSEcEzAFsUx\/2pmlUPII1TqUXgDk2+EYuF+E2EMyZRtIJ2X4J2X7hAgHT+RrAG20B8DB\/bHPvQKm79m+Z0+BB1fJpuHmieLdFavNthxznxmL2TjLC2hF17uhr9nJ8lRGk+kyETydUasfhNhFKR3PmCdl+Cdl+4QN1yRfRd+2g8MnNCa1j1Cnr1GFpxy7vxkYduQKQx1cGeo9xW0LFVTR4sISMRFqTJvP1+kBDeZDQ7++taiTPWLVf4TYSfy1QfgnZfgnZfuEATr9aMDwnYcu1Ru9AfCYxf1j4pIYv3iEkEPcprByn6GaZXC692Pg7aNtJE7Ibn2jkRlWjrNM1fsvjqm9oBENLzhF4WIGA="}
01006{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1578508364519,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_msec":1578508364519,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFF1VAAC8RP1MD0S1PwKgBuHZfdl8BsTR2htDCYwB7bPwVHRrppzCkGewLkUUNlB3jVcwKSsPl3PpRPPiYpogGSbVhGO6LOf+6vpmiVjQKuGK9fr9HzQor5V9uX7UyvZMEj8wMYsgT45Bz2Z7bdsQaazyQJOYgw3sXAAT5AUT5ATz4TYSi5B2ggnZfgnZfuEAwVdpN68jOobX+wHrrL2RH\/wK1ka2szeSJGHiHFFoNLEPxKwxFy33NRZ3ovPOnkwdh3qJaARUyaYeXnrMHfiPL+E2EpERrUoJ2YYJ2YbhAbVK4hBOIFxjMK61hoo+B2E1DFAGWystZDApZ1qWqMdGzPO6EtDCqKOy2kznyTf9sEf\/6IzNe3mDxF09nkCXqPPhNhCPpxYOCdl+Cdl+4QEyRwYHw012pKtGG4pX25QXUlp9AiY+SLu1l7sUn3fRNHZfvnNA3az+glcVdf8irWyfLyfxkF3pVP8czohGx7uH4TYTR+vDNgnZfgnZfuEDT1Pf73xy4M3qZSRLleOgEdgguFkAavHpg2I9RZUlU1ZSe7W107ts9v4ZrZs61PWJz3Pgt4YI56NsUnL8RZ7gNhF4WIGA="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4zfAqAG4QipS9t0kdl9\/aKJnAAAAALAC\/\/+zAAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGaCDAqAG4pRZrId0idl9zKqGzAAAAALAC\/\/9E3QAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNxTAqAG4aCrZGd0jdl\/sFGYiAAAAALAC\/\/\/WdgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNRHAqAG4ovOgU90ldl\/qeq6yAAAAALAC\/\/+NewAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGYCLAqAG4I570l90ndl+E\/i4vAAAAALAC\/\/+eigAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqeDAqAG4ImGsFt0pdl+dmoURAAAAALAC\/\/94yAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngTAqAG4NOelbN0qdl\/FC\/gzAAAAALAC\/\/\/SVwAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFafAqAG4v+qixt0sdl9ft67AAAAAALAC\/\/\/4vwAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGdIHAqAG4NLvPG90tdl\/U+mmAAAAAALAC\/\/8nlgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+YrAqAG4EopsQ90udl8TbQyrAAAAALAC\/\/\/LAQAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFLLAqAG4EopRHN0vdl8VNVkbAAAAALAC\/\/+X7wAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvA\/AqAG4WSZjIt0wdl+afwcPAAAAALAC\/\/8MDgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGH3XAqAG4BQFT4t0xdl\/cLTE7AAAAALAC\/\/8DmAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAfvAqAG4soDD3N0ydl\/wysJIAAAAALAC\/\/9AcgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPejAqAG4Iv8Xcd0zdl8e+UQoAAAAALAC\/\/\/MUAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGRzjAqAG4A9EtT900dl+bF1VlAAAAALAC\/\/9IRAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1578508364563,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1578508364563,"pkt":"KDc3AG3IEBMx8Tl2CABFAACxV7ZAADERmgVCKlL2wKgBuHZfdl8AnaK0fEIbGBqDvIrgEkHISxvw4daIo1RSAPsaWiRQZnDOwteCpdNuEHAKkf4qhTn951kjq+ta18NQVXgW\/g4PPXuXiV0Qa\/G9UyK1NNATBLMnTaWqYuSaSklfuyWrYJCN+duPAALyy4RPFs69gun3gun3oGE9eACysJzHYDAgc39fUYaAxGcHwJ0T9TM+bdQkH1h\/hF4WIIg="}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1578508364565,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364565,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GcyYjnvSXwKgBuHZf3ScG6rxyhP4uMKAScSBDbwAAAgQFrAQCCAo03AK8ItiUTwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1578508364565,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364565,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGYC7AqAG4I570l90ndl+E\/i4wBuq8c4AQECzS\/AAAAQEICiLYlHo03AK8"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1578508364566,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364566,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDf+ygMPcwKgBuHZf3TL4VGlQ8MrCSaAScSATXAAAAgQFrAQCCApfPQwNItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1578508364566,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364566,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAgfAqAG4soDD3N0ydl\/wysJJ+FRpUYAQECyi6QAAAQEICiLYlHpfPQwN"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":495,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":546,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":495,"midstream":0,"thread_ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":546,"midstream":0,"thread_ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1578508364569,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364569,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGyBNZJmMiwKgBuHZf3TAEAfQVmn8HEKAScSAQTQAAAgQFrAQCCApfmkPpItiUTwEDAwc="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1578508364569,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364569,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvBvAqAG4WSZjIt0wdl+afwcQBAH0FoAQECyf1wAAAQEICiLYlH1fmkPp"}
00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364571,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508364571,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364571,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"midstream":0,"thread_ts_msec":1578508364571,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1578508364593,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364593,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGVuwi\/xdxwKgBuHZf3TMrXBsGHvlEKaAScSD3ewAAAgQFrAQCCAqnEIc7ItiUTwEDAwc="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1578508364593,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPfTAqAG4Iv8Xcd0zdl8e+UQpK1wbB4AQECyG7wAAAQEICiLYlJSnEIc7"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364595,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"midstream":0,"thread_ts_msec":1578508364595,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01870{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1578508364631,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_msec":1578508364631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9McxAACoRfjA056VswKgBuHZfdl8EKSMV0Tk6zLZQqYdPasDvQYAfjhJ8qeDK0iQF1oC6v4BIFO8Ukv4XviQf8O74kSNp590utu+\/aRkEwwpxoabIrzvIzmTnyJlNpeyfgvNPwLIyg8I+w4LWPa4MA\/W2\/Jap8zB7AAT5A7z5A7T4TYQS26efgnZfgnZfuEAwkgYgUPIi4WiJg+QLzg9wGMhxPAR7azw\/xSKBAPOQbQlR3L69+mdeoxh\/qQi76RfNXeauKXl5ICJHofVK35cH+E2EUt2AH4J2YIJ2YLhAIbpA\/cDFhpXtS\/hixQb3nA9r93xmFVARyWt8mvD62Q42RXQv9d4buwnSPqvoZ8VPM1tV452Mu7b1nW6WCZP3H\/hNhJBbeIeCdl+Cdl+4QHDcQogYDcUZvsmo9wM3ftVwQss5t6Xz7SYpcIe0QCLsJRPOe\/7IMshT7rIUH59Wvzm2VWBMciyHxs11tRtvlg74TYSyPgragnZfgnZfuECktuxNZlsAPCNrxc8drmg5UZJYYlgJcgwixi3dHcHaL+SmxYYPit8ZDD0AQGDBI97zkdb5Vg5h5AMJ3ltOege3+E2Esj4dt4J2X4J2X7hAbSf3keqm\/kX1w8mhO8tfUrHPkpEON98Bfi90NSvh60PrPxJjJwxphJtd9yYNAp6bvKKmXex+Pf1jNZwIZzl1LfhNhA3mbCqCdl+Cdl+4QOL5cPG1naCZem66zt1KAC6uDCfFoxJhecyNkCxirh\/KFEuDlQVcZ87QmYypugLnAbyvaDrG2A\/fgNNcBVjcu7P4TYS524U+gnZfgnZfuEAvzWrhvDjoXJOa\/ZdCbLgHiFuGktYvbPu1Kx0QfSszMjCe5P4b3hECkMlBLQo90CRjw1UcL0V+qQHcUkhH7ixE+E2ErGlePoJ2X4J2X7hAXGqY3uhYXKqMbPC9rcGcCUaWh+Dhi0uXFAXOGFtMr99hmG7UDnrqzTA\/o5MeRw5C1b8eG9l8GAevaeYZyFb6JfhNhLaioT2Cdl+Cdl+4QIU96ApVNnmCgofL7UIVwC0ussPQFE9BZpIkW9NYXxtm+4r+lcBEpjNfLr4w84vJM4LIgefP7wW0fAmtWWHpBj34TYRZo5RJgnklgnkluED1tj7tRebZlvZCTgHMIT8H0RpJXJ6gH+sJFUxXqZs38C\/hpzENTsCSDh1o2HUHvKg2FabU7+4S+HyXXU68T+Xi+E2EM01tNoLk1oLk1rhAfag2FjkUzZm46\/aJuVMW3oNNsPORtJDs86feqI9xjoUJ09giSja9nrnxBmA4a19j\/wmY0SxfQ5ijGeyrdMEjJvhNhCPk+oyCdl+Cdl+4QD9WPrST\/PNOA12+8bgX6kV4hJFBTbV9EgAQ6hcCTUo0f0CQNtNTkrUkC7hmmUaZ\/d9jh6CLjUr6pActojR+FlyEXhYgYA=="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364632,"flow_last_seen":1578508364632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364632,"flow_last_seen":1578508364632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1578508364632,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364632,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGCOPAqAG4MyY8T901dl\/qiNMXAAAAALAC\/\/88YQAAAgQFtAEDAwUBAQgKItiUuAAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1578508364646,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364646,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGQxWi86BTwKgBuHZf3SW77REO6nqus6AScSAW9gAAAgQFrAQCCAp1Z9P7ItiUTwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1578508364646,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364646,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNR3AqAG4ovOgU90ldl\/qeq6zu+0RD4AQECymNwAAAQEICiLYlMZ1Z9P7"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364647,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1578508364647,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364647,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":458,"midstream":0,"thread_ts_msec":1578508364647,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01875{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1578508364649,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_msec":1578508364649,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9Do1AACcR\/\/USimxDwKgBuHZfdl8EKXURHZU493PpfyH72WrYTKC\/rHcqyoxdJnlAGqx0IUPpfCDPrp1RbMe2PXXL\/Y0gUgYBHgBKX+LNKEC1qdxuKnvxvXevxKSr69S3rpBsxtD9oPpZta4nmfTh\/aybl9dDX7mZAQT5A7z5A7T4TYTKcBxqgnZfgnZfuECGOOF\/DUGQRmRtLD+gVTFTpr29WNtAkV6+wzvS1j2\/a652c2Up+3+CFGHvVHTbjE15jtDjeTNqp85aDPL\/y+3R+E2E1YVu74J6R4J6R7hACdquySb8h9bDyyzBVqIC4RVjIfrd43xNEhVl26cR8q+zCkRbVR7YOVOrP+cqMugQfvn+wj\/y\/7lEeLvwq\/902PhNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4TYSd5phXgnZfgnZfuEBkLPllDdiGnUJSXb9oWAEuO01k9HXnM4R6tvd0I0GkOXQUhl2VOHTo9e2RsOThxTPe4UrR1rsnalRZskcUYP8N+E2EuRnM0YJv8YJv8bhAWtd39T3gGPqV5\/kAxth9r0Z21IwC3OO8ijNQxmi2ggVwJqg2W08zX0qhgUwFTxRZ7CbZwhQtBb9MNGyCEZnVqfhNhDOhFwyCdl+Cdl+4QK0vqa8HM5bIAwN2G4EpFPUp1DIN0fK8JdET2pxyCxTou65T7kwDQcRwG9J87PVp8UWu5zbalyVDTlzNuCAazd\/4TYQ0CYBEgnZfgnZfuEDgMt94d8TQv+3IGK5MVBJ+471CdMGgEuFgADFs\/sfR77hApAbinmLOWlg0KBI76fx3iPiGmIjPc2DjV6Y5S+dt+E2EI+XoE4J2X4J2X7hAIvfQZKlYQVCc0QQPwdirlpv8ThVD2qtJQ\/hHeZ\/oRum3Dym8iOrz0uJZ5KMKMAHJAax\/7cDcr+ygJhYzzSAsNPhNhBLbp5+Cdl+Cdl+4QDCSBiBQ8iLhaImD5AvOD3AYyHE8BHtrPD\/FIoEA85BtCVHcvr36Z16jGH+pCLvpF81d5q4peXkgIkeh9Urflwf4TYR82eu0gnZfgnZfuEBXvLisck0JGnGrgRqWL\/bDyJ8qsCwpUwM0sk3OmDN\/PU2NXINnOwgDzonj2zUWAZS5\/UZawhYcs8O8n12+UDva+E2EXN5bw4Jv8YJv8bhAmWLd+VP5u1ibBrgKagKp3py+njifftSzD32rmGG+J3QgFhiB28tAr4XUS33ESEXzhatHLB80xoRt5yzzOLxbKvhNhCPEd72CeRmCeRm4QEsv12Yq4nMYX4LQY5r9d7BNkGpNa1KOs2Gd6C4u3NZleL+d2v4Anfsu4uoql9o1Ksl2BdYCVg1KygwMa9DuSGuEXhYgYA=="}
01013{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1578508364650,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_msec":1578508364650,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFDo5AACcRAm0SimxDwKgBuHZfdl8BsYIGz0wiJjKaUzFXr6IJm0KhJJHh14UxEkvPcQ\/Rk7Fgvbo\/feZhAIkP1PMVdfnmkT0ej4RbRZLeGs4r7KmIG\/NoSRob2DIRR9KSxxR5ApQK0GtL+DiOoUZ+LI2SWe0lCUL6AQT5AUT5ATz4TYSnR61sglIIglIIuEB7ukp3Oj6MzbNl3nDN0jQiNpC1V5v5rn9Rt7ZEw1VBzFla5k6rBHcylJhBRGAYzBX+17ncBsVtgVPJrKMh7nvV+E2EEop59oKMoIKMoLhASS3OSNDf3z8b3OyL7l\/Hx\/k821PEzINQHbZfniqNPVksrwSkp6jrG6UYCpQoXvgKZOetorWlposBzYkgatgcWfhNhDP\/TVmCdl2Cdl24QM3iC4E\/jtROh\/yrXbgvFZypcqA1E0NM1pmVBNhPzAEVOKwUDY19JR7HzoFwywH46oqp8Nqzrz5YKF3TzRCEzqb4TYS57vnMglLcglLcuECRN7VxzSUAEA2k0pdpV6OAanNBmMgqxX6AGOkM+qhp9apzS9PVbGdlMMSUUvnshxBsN5liOIkWGjzwRsyI7kXrhF4WIGA="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364654,"flow_last_seen":1578508364654,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364654,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364654,"flow_last_seen":1578508364654,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364654,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1578508364654,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364654,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHl8oAAEARbG\/AqAG4gAAzjHZfdl8AswwF15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364654,"flow_last_seen":1578508364654,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364654,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364654,"flow_last_seen":1578508364654,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364654,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1578508364657,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364657,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC8GWDwD0S1PwKgBuHZf3TTdrvLSmxdVZqAScSC43wAAAgQFrAQCCApOlRAnItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1578508364657,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364657,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR0TAqAG4A9EtT900dl+bF1Vm3a7y04AQECxIFwAAAQEICiLYlNBOlRAn"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364659,"flow_last_seen":1578508364659,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364659,"flow_last_seen":1578508364659,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1578508364659,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364659,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGv5TAqAG4KEOQgN02dl98bCWSAAAAALAC\/\/8OmwAAAgQFtAEDAwUBAQgKItiU0QAAAAAEAgAA"}
00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364659,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":395,"flow_tot_l4_payload_len":395,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364659,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":395,"flow_tot_l4_payload_len":395,"midstream":0,"thread_ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1578508364667,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364667,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG8jtCKlL2wKgBuHZf3SQj+YV4f2iiaKAScSArVwAAAgQFrAQCCAodkmB\/ItiUTwEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1578508364667,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364667,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG40PAqAG4QipS9t0kdl9\/aKJoI\/mFeYAQECy6hgAAAQEICiLYlNgdkmB\/"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1578508364668,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364668,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGF+czJjxPwKgBuHZf3TW8w0qY6ojTGKAScSDV+QAAAgQFrAQCCAphOp2qItiUuAEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1578508364668,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364668,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNMYvMNKmYAQECxlkQAAAQEICiLYlNlhOp2q"}
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364669,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1578508364669,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364632,"flow_last_seen":1578508364670,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1578508364670,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364682,"flow_last_seen":1578508364682,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364682,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364669,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"midstream":0,"thread_ts_msec":1578508364669,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364632,"flow_last_seen":1578508364670,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":421,"midstream":0,"thread_ts_msec":1578508364670,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364682,"flow_last_seen":1578508364682,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364682,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1578508364682,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364682,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG833AqAG4MyZRtN04dl9aLQCVAAAAALAC\/\/+JqQAAAgQFtAEDAwUBAQgKItiU5gAAAAAEAgAA"}
01980{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1578508364694,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_msec":1578508364694,"pkt":"KDc3AG3IEBMx8Tl2CABFAASM2BBAADcR1ngiYawWwKgBuHZfdl8EeMBgH0wTNhnEtwanpj7oWlZ\/Hp0Gak0vyLNY48lrCKzEN97iWOlAwiKU8J2As0GDwpvqMobAk\/doYUwERgBj\/dX1qwI+w93bqV+opA8zeXK5DOY5QqaAWe1EmRlafyw14V0SAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2ENiSg04J2X4J2X7hAPRqHFTz0e8oEsmOadgUbUG0\/Gq1XFXFWshB59yMDlMnzDbSaQte3vRlNp0x8bXK\/C0IExkQW+7e6O42uaIsSOfhNhG\/lALSCTtaCTta4QNKaGvf27ePtI09PYWMWWoqsTgBFWVV\/OStWx2mo9mqS58z7TiK83yibq71BZSi0CSsekwb4Zyr8nj5zQd0mqCb4TYSkhGWfgnZfgnZfuEBoaZQlH\/tAMTmENPyYivdiK6qXFlTxe+\/p6cPLqiael7D6BFBiRXZHacw3oUOaGk4+u32W1NMUjoJXk06B2mEI+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhHLbOhmCTtaCTta4QOsAfRHCWayd+ePpaQzEOGf3dXjZZgxjuurzp9q\/DaDAlIrlX0hFIpZGowqYAlmPGRQlb2Zp7G196tUzRB5lA1D4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2EI9yzYIJ2YIJ2YLhAOJyQU2JE6mr+PrqS1VpbvrNoILvKRQR+abFnLs+XgISTnL1u7Up3BqfrKb9hyDFv4+EivNbWhPn9c0jykBsfLvhNhC9ngvuCdmKCdmK4QMQewuj5qn6FtR+caLmA7fiCCCWlXl5n4eHsa\/hStv5IXJfR3qW2xYlmjRashSfhzXIk\/cArlEuFCVyLKkliTzj4TYR68x8XgglNgk7WuEDyUr+wEhCRTzC+abav+Qq8gCoJQuHHGbcH\/DZQmfl9EGgUirj+pxEJRc8L7rXREu747IWcesHQp9HRE6vORWkC+E2E1W2gk4Kvx4Kvx7hAdMXaCMYMMwBE0nd2ZguY7X9OffS41d7S\/Y+mPW\/bN2r4s5PDjCrWaOVF\/TvDBjFcUWsPiqOXMHIqsOoggNo9SvhNhE4vwp6Cdl+Cdl+4QPkOM4NqDnpAiCaFdcv7mpRSPLANloklV4wbFH\/35BGlAWuLnC96pYG30ySaUekbUEoxDdJFuDpuhxs7uesYXD\/4TYSOLK6TgnZhgnZhuEDoktJdZWuqibhkACX5AYXpi\/92jauNHaPZe57KQENT7f3lptm8vn\/KsHCyQGycNosbcDhgVNlPlUl4B5KRi2QIhF4WIGA="}
00906{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1578508364694,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1578508364694,"pkt":"KDc3AG3IEBMx8Tl2CABFAAF02BFAADcR2Y8iYawWwKgBuHZfdl8BYBsKk2vVIKFBe5srt6TuKGLoSQyIYHTHTIh8E6CjfYCc9i8bqGNRb1RdySNn+Iv9WrBeYgM40YLK2f29HLFDjWvrLH5PzXOrZjlyFrfNSw\/LgHRZLq7JZkTKJJivek9A0KFTAQT49Pjt+E2EWSTXC4J2YYJ2YbhAKsm6hrEBgceppDA8y6y8ToI4LATCvXtK2lH6G5Ea4z\/xJThSCDAuG5MSvtPStPEkcnXcb7SOx0jpL4DMcyqusPhNhJ+KPreCdl+Cdl+4QFFks1Hi1w5Dzl6eTycY4XMH5jgPi\/IsM\/Xh\/aiCTq6KUBnNNvsH2QEEcq8Eurha1gzN35pyz9iUxxW+rcV0tUj4TYTPtOCBgg09gg09uEBD39Z7PE\/miF\/gBzQtLgOKuJmlQiP1\/EPNHjqCw\/jys2eg7dySq1uz5KP5CQPL3LPisAyyzl2cNiKWtBUo4PgQhF4WIGA="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364697,"flow_last_seen":1578508364697,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364697,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364697,"flow_last_seen":1578508364697,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364697,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1578508364697,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364697,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHkfoAAEARTtTAqAG4NiSg03Zfdl8As+iZ15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364697,"flow_last_seen":1578508364697,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364697,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364714,"flow_last_seen":1578508364714,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364714,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364697,"flow_last_seen":1578508364697,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364697,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364714,"flow_last_seen":1578508364714,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364714,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1578508364714,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364714,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSM3AqAG4UpHc+d05dl+ffKVSAAAAALAC\/\/\/0ywAAAgQFtAEDAwUBAQgKItiVBQAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1578508364717,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364717,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMGVBhoKtkZwKgBuHZf3SMhYrdg7BRmI6AS\/ohxlQAAAgQFoAQCCAru0q\/IItiUTwEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1578508364717,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364717,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGYjIWK3YYAQEAmOFAAAAQEICiLYlQju0q\/I"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364719,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":490,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1578508364719,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364719,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":490,"midstream":0,"thread_ts_msec":1578508364719,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1578508364729,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"thread_ts_msec":1578508364729,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7gO1AADART9iAADOMwKgBuHZfdl8EJxcg9PffAeslidE0A2XYKUWPfQSrSzELT24RQsZMkDFAUC\/8t71UobxaKgVF9YFxtOS9Li4RLrxMDnrT4k5PGgw2NDHZtKrKg8J\/d2YlScEj\/YBR+sG3bhx8yqSCwFLu+QmtAQT5A7r5A7L4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2ETi\/CnoJ2X4J2X7hA+Q4zg2oOekCIJoV1y\/ualFI8sA2WiSVXjBsUf\/fkEaUBa4ucL3qlgbfTJJpR6RtQSjEN0kW4Om6HGzu56xhcP\/hNhF6CJvWCdl+Cdl+4QCa0AdVA2\/h5KxbzG7wSXhKLcgLDQf3VZM6j4pcDpEr22I0w8vjr3eeZrANzqy+B0k7Jw6sj9qOYOkYu9v1\/HcL4S4QXZGXDgsVFgLhA4dMHiHESZvaZv5XwOSEg7GIAhtTuq\/1+kuZamW7NEWy5Mx7jYjqriPSY+yi8MCrIJ809xx8ts8E05ybrI5RK9vhNhHTKaT+Cdl+Cdl+4QNscTNh1YzVnvcLB2a2lU2bz3gyaTlXXbE+pFLDVoDdFI5ADpod42cruH9wQt79YZLxlJa01FygTlV6X9wnzbsb4TYRSpWAfgnZhgnZhuECxFAegsyOgyfrql\/zztxCELDSekbbhUJf21H8iSNiW9cKP2xirrTz8RKLVHxNA2LkFNcMF8l9m+GUUJJ3wo0ve+E2EZ\/0rzIJ2X4J2X7hA0+1Q\/zfDwmqiJ4L7\/yvPXaADca3\/aoKeqi6XasejIDSTPmS2ILmdZ2LgwWGNQRAtsR66VqR5PIUppHE6JTXzu\/hNhC9aDGqCdl+Cdl+4QEWucUJTr5uswusybUrNZinvmACa+spHP3M8Ca80aMiKTDP2An9QqqbsJgkcvDnFqQSdwmVB0j3FFWWOWXchmBH4TYQ03B+BglLcglLcuEC4ECYNzxwi2kJoJQjyJ6lUniuRlC+UndNWqAZRufW0X533Ymm1WtW8x0w\/1eGqPwGeOGNfU57w7mmrZv5S0MuC+E2EoBCKUoJ2X4J2X7hA7pvrsi4uzujUwcCnzbOXM3k+PSTxp6vSaGlZ+vjNNS2DLnFg12pt76j1a3+aMxZ2sjeuJ4ACTqyhbBihj1yObfhNhLB96meCdl+Cdl+4QMGwHxHg22IaagGZCrHWyox4ceWSrkz5+TUJ7FvSKEAsyUrKnBQ1BKg4U4OyDXv653Ump5Su2Klg\/PAjth\/4FVX4TYQDCFzcgnZfgnZfuEAOe5LjgOGocDnrwWucrGwohrnh\/PIVvUNi2EPcxA3lL9o2I1kGKrrcltIHdy07g5GmzReWD9IntTCd9ncDRnHuhF4WIGA="}
01011{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1578508364729,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_msec":1578508364729,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFgO5AADARUk2AADOMwKgBuHZfdl8BsUbFE+HTPyEyomNSay73CyfrLD8rHnhX7vxj92G3He3rB8i3yggvxA3gI120fMxC8T5NSVg69zUML0xXdXDn6x+i1UJlYzm2ZsL8HkXRcVxsD7\/Cz8uc2cDeR5GmI31rs3BBAAT5AUT5ATz4TYRWzyr3gnZfgnZfuEAwPG4npPFCKterF6wXX6hmKDtHpPLV5Gpyh4HRvQlb1WOtMBiFa5iB1p48IlU7yQzlUhHlEKU2TAWk+UxWCOtE+E2EwKkGMYJ2X4J2X7hAXDWjwnntCdEfY7ZsbIcma6dZim0sS\/6AZlg+cBMsOylaupmT4K85DC7A88jAAB9\/AkNP7Q7FRuWOzTw655z20fhNhF\/YD6SCdl+Cdl+4QMhe7o3oH5yNMBpAbg7BFfLQiRhzAx0IcRlGupvV\/Zui89t4l4x5tGAZhBv4cgNKbiHVFqGfCeCtDh7KA5ZNUtn4TYQ2yX4zgnZfgnZfuEBWXo894U5qji3Sd9oPTupJEBwpi5JkOWop7uGO9PMehSCnS4eHg4+tauk7NJIwG19teeCjKxS93DtycMhLIWGEhF4WIGA="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364732,"flow_last_seen":1578508364732,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364732,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364732,"flow_last_seen":1578508364732,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364732,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1578508364732,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508364732,"pkt":"EBMx8Tl2KDc3AG3ICABFAACccxcAAEAR1EDAqAG4b+UAtHZfTtYAiDTvS0gyrIvyYAXql+rzEz+AR\/cLOiJor5McpZ3aQTzvVtbxvdlPVHOvm8x2T63kxRajQJXVXM7hf79y1fQG9XWokxXgcqkKLlUPoIFVVYrTntTkZjbBJdoltYqy5v2xN8\/CAAHdBMuEfwAAAYJ2X4J2X8mEb+UAtIJO1oCEXhYgYAU="}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364732,"flow_last_seen":1578508364732,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364732,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364732,"flow_last_seen":1578508364732,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364732,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1578508364751,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364751,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGCIIzJlG0wKgBuHZf3ThkB68VWi0AlqAScSALcgAAAgQFrAQCCAqBHInXItiU5gEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1578508364751,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364751,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQCWZAevFoAQECya6gAAAQEICiLYlSaBHInX"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364682,"flow_last_seen":1578508364752,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":479,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1578508364752,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364682,"flow_last_seen":1578508364752,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":479,"midstream":0,"thread_ts_msec":1578508364752,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01977{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1578508364773,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_msec":1578508364773,"pkt":"KDc3AG3IEBMx8Tl2CABFGASMuzZAAC8R8ro2JKDTwKgBuHZfdl8EeHOhfS8\/VKeU4xriCeJZNmbyiR29m3N42\/uIKvLbiJlgdyaSwrO2BgcDcenrD2C97edthDBouwifboHgE3u3hLHcQi8I2aNx02z5+NzOkszQMNgplhV2V\/wYwtE8G8IvYQ3cAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2E0WGPAYLDUILDULhAQhNvCoDxAncltx4bh9WffZwzBdE\/9xF06wXJo57MMUhoLLSI90CIePrV\/tYmYiKEiyDSrJDYOlCFHmZ3pqDCwfhNhGoMJ6iCdn2Cdn24QH6QBf7Np\/9Y+eiOrugFzIsIhVcNcp\/OYct+34QkqEfvlXbuNfWnoEs1IzwGORRl6zR7xwwZW1+45dnGnJxxFET4TYTAnuIugnZfgnZfuECuDYcQjm3wJMglum1qnPXPBozHysGZ9VxiaJNnx\/kw7dAhqZoxI6CdfBdLdPaGhgI412g7XwrxymiHNjtEpybV+E2Eb+UAtIJO1oJO1rhA0poa9\/bt4+0jT09hYxZaiqxOAEVZVX85K1bHaaj2apLnzPtOIrzfKJurvUFlKLQJKx6TBvhnKvyePnNB3SaoJvhNhKSEZZ+Cdl+Cdl+4QGhplCUf+0AxOYQ0\/JiK92IrqpcWVPF77+npw8uqJp6XsPoEUGJFdkdpzDehQ5oaTj67fZbU0xSOgleTToHaYQj4TYSygMxlgsNQgsNQuEAJaLOKzWf\/o+pIN3tGz2TU0Jj7rRUsEu\/g\/J\/izFMRqT2L21hSkEIu4pwcRIudbxWCEi7R3jpR3Qx72SJ7sDxL+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhNFhtVyCw1CCw1C4QGNRrcySTkrIddsTkghzBE5yaZovlz823kaODYnxRULrhcdtfhDSmheK1rkdzx6MLgmWRkcqk5yLSRXbV7Sa9hv4TYSUZnN9gnQ9gnQ9uECK3QCjct4kYgqQwECFpzDV6FidxjszhMNuNu5KPckeHeVnNGRrmrvdWVqSm7NdhSk\/GBSTMV30P4Rv7pq1hSjo+E2ENL1ESYILzYILzbhAFgxun0r0zdyAC5SZb67xXu\/2hxGmSEaQZz1XosQe6902lrVgE71jlymkTkVmiGnjo+wcj5gGrpBHOVgGl5DUX\/hNhFCeJFKCdl+Cdl+4QPL7djWpmmTz8plIeSEj91S2rY+aeiMQAn6m9zZuLcDbcgnpEzw4Bbj2GboSA\/6fD1Ct0nUU6+rf7UzNqpXAqYL4TYRvYnEBgnZfgnZfuED0pW7OSkAUUx9PeHXwwyf7mqpd70LmGPSseSc9VRhmuql9pusBMDKDEfCCcSaAIW2BnfDoTpS113ylm2TbVhfWhF4WIGA="}
00905{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1578508364773,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1578508364773,"pkt":"KDc3AG3IEBMx8Tl2CABFGAF0uzdAAC8R9dE2JKDTwKgBuHZfdl8BYMxaEf6gK86OMmqC0hj8YCjT4Kxyd9QhLNhUWv84IcoZEEM5WLaEl0iNjPoH5MGkDBtHCCGzykqH2IyxlA4UZhPcyDumXz\/v4mlSvZfRB2yOu5AYhwCSwbpUWhfp9lpeKanwAQT49Pjt+E2EdbUsoIIrq4Irq7hAjNB3wOfdUkch\/RymD8COogkRfmtGHDZ3JfVp7qPL0g95b9d6Og4eqk7Oc5yCXUjsPCBRZNV\/OEkCcWVLTRMhqvhNhDb\/yRuCdl+Cdl+4QBkaEptJyzZcwNghsa\/yev+qS1D63n8u0YIQqdir49AX7Q7OxcqumEYHw1gpXkn8\/0NtWmRXiIMnyNsmLKeGv434TYQj3LNggnZggnZguEA4nJBTYkTqav4+upLVWlu+s2ggu8pFBH5psWcuz5eAhJOcvW7tSncGp+spv2HIMW\/j4SK81taE+f1zSPKQGx8uhF4WIGA="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364776,"flow_last_seen":1578508364776,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364776,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364776,"flow_last_seen":1578508364776,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364776,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1578508364776,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508364776,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc6zkAAEARbFTAqAG40WGPAXZfw1AAiAuoYX\/X5Uw4lffkPNHSCMW6SrDFB88ojJJssa\/u4MiJ7ftgjBcFdVPuw+tvNym45804Q6\/uLh0oQsOr0riQp0FxmC7+mATc88CsFLix8wyPMseFlTK290MHGwkPORWZli5hAQHdBMuEfwAAAYJ2X4J2X8mE0WGPAYLDUICEXhYgYAU="}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364776,"flow_last_seen":1578508364776,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364776,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364776,"flow_last_seen":1578508364776,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364776,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1578508364784,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364784,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGswg056VswKgBuHZf3SosjczmxQv4NKAS\/ohsIgAAAgQFoAQCCApgPx7\/ItiUTwEDAwc="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1578508364784,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364784,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnhDAqAG4NOelbN0qdl\/FC\/g0LI3M54AQEAmIYgAAAQEICiLYlUdgPx7\/"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1578508364786,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364786,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GKKu\/6qLGwKgBuHZf3SxpEHBBX7euwaAS\/ohj6AAAAgQFoAQCCAo0GJnqItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1578508364786,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364786,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFbPAqAG4v+qixt0sdl9ft67BaRBwQoAQEAmAJwAAAQEICiLYlUg0GJnq"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364786,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1578508364786,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364787,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364786,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"midstream":0,"thread_ts_msec":1578508364786,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"midstream":0,"thread_ts_msec":1578508364787,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1578508364789,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364789,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGVclSkdz5wKgBuHZf3TlFnUTdn3ylU6AScSDFhwAAAgQFrAQCCAqGNr5sItiVBQEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1578508364789,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364789,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGSNnAqAG4UpHc+d05dl+ffKVTRZ1E3oAQECxU+wAAAQEICiLYlUqGNr5s"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364714,"flow_last_seen":1578508364790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1578508364790,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364714,"flow_last_seen":1578508364790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"midstream":0,"thread_ts_msec":1578508364790,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1578508364817,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364817,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACgG15goQ5CAwKgBuHZf3TZG9x3QfGwlk6AScSARhwAAAgQFoAQCCApyLMYFItiU0QEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1578508364817,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364817,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGv6DAqAG4KEOQgN02dl98bCWTRvcd0YAQEAmgwgAAAQEICiLYlWVyLMYF"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364659,"flow_last_seen":1578508364819,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1578508364819,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364659,"flow_last_seen":1578508364819,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"midstream":0,"thread_ts_msec":1578508364819,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1578508364823,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364823,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACYGE48SimxDwKgBuHZf3S4uwDPtE20MrKAS\/ogQ2gAAAgQFrAQCCAqmusMwItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1578508364823,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364823,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+ZbAqAG4EopsQ90udl8TbQysLsAz7oAQECws4QAAAQEICiLYlWmmusMw"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364824,"flow_last_seen":1578508364824,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364824,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364824,"flow_last_seen":1578508364824,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364824,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1578508364824,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364824,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGhG3AqAG4n8tUH906dl\/csM+rAAAAALAC\/\/\/IeAAAAgQFtAEDAwUBAQgKItiVagAAAAAEAgAA"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364825,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508364825,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364825,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"midstream":0,"thread_ts_msec":1578508364825,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1578508364831,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364831,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAOcGbbUSilEcwKgBuHZf3S\/8FjKFFTVZHKASaN8k0QAAAgQFrAQCCApjgYkbItiUTwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1578508364831,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364831,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFL7AqAG4EopRHN0vdl8VNVkc\/BYyhoAQECyrKAAAAQEICiLYlW9jgYkb"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364832,"flow_last_seen":1578508364832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364832,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364832,"flow_last_seen":1578508364832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364832,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1578508364832,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364832,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGt9PAqAG4ouQdoN07dl+4t7BdAAAAALAC\/\/8\/HwAAAgQFtAEDAwUBAQgKItiVcAAAAAAEAgAA"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364833,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":471,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1578508364833,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364833,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":471,"midstream":0,"thread_ts_msec":1578508364833,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1578508364841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364841,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADcGsuQiYawWwKgBuHZf3SnE3x7vnZqFEqAS\/ojiZQAAAgQFrAQCCAoxzJM4ItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1578508364841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364841,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqezAqAG4ImGsFt0pdl+dmoUSxN8e8IAQECz+XAAAAQEICiLYlXkxzJM4"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364842,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508364842,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364842,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"midstream":0,"thread_ts_msec":1578508364842,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1578508364862,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364862,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGeCSlFmshwKgBuHZf3SJnRYz4cyqhtKAScSBl3gAAAgQFrAQCCAo1gVUZItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1578508364862,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGaCzAqAG4pRZrId0idl9zKqG0Z0WM+YAQECz0WAAAAQEICiLYlY01gVUZ"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1578508364863,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":574,"midstream":0,"thread_ts_msec":1578508364863,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1578508364877,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364877,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACEGk4U0u88bwKgBuHZf3S3Pd7n11PppgaAS\/oiD+wAAAgQFoAQCCApvJb2EItiUTwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1578508364877,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364877,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGdI3AqAG4NLvPG90tdl\/U+mmBz3e59oAQEAmf6AAAAQEICiLYlZpvJb2E"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":525,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1578508364879,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364922,"flow_last_seen":1578508364922,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364922,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":525,"midstream":0,"thread_ts_msec":1578508364879,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364922,"flow_last_seen":1578508364922,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364922,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1578508364922,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364922,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+OGAAAAgQFtAEDAwUBAQgKItiVxAAAAAAEAgAA"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364924,"flow_last_seen":1578508364924,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364924,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364924,"flow_last_seen":1578508364924,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364924,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1578508364924,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364924,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtY\/AqAG40frwzd0+dl+QvttrAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKItiVxgAAAAAEAgAA"}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364925,"flow_last_seen":1578508364925,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364925,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364925,"flow_last_seen":1578508364925,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364925,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1578508364925,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364925,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHG4wAAEARgdzAqAG4I7T2qXZfdl0As6VnAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364925,"flow_last_seen":1578508364925,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364925,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364925,"flow_last_seen":1578508364925,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364925,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1578508364932,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364932,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGkHGfy1QfwKgBuHZf3TprW2X93LDPrKAScSCdQwAAAgQFrAQCCApPeKo9ItiVagEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1578508364932,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGhHnAqAG4n8tUH906dl\/csM+sa1tl\/oAQECwsmQAAAQEICiLYlc1PeKo9"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364932,"flow_last_seen":1578508364932,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364932,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364932,"flow_last_seen":1578508364932,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364932,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1578508364932,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364932,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvd3AqAG4Etunn90\/dl9+5\/UeAAAAALAC\/\/851wAAAgQFtAEDAwUBAQgKItiVzQAAAAAEAgAA"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364824,"flow_last_seen":1578508364933,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1578508364933,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364824,"flow_last_seen":1578508364933,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":571,"midstream":0,"thread_ts_msec":1578508364933,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1578508364954,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_msec":1578508364954,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ91J1AACwRmVQjtPapwKgBuHZddl8EKaTIL6PiPVD76wxxux15bHRlnSs2av4nBFSV7v4bhHiIpeAMxLmbK8f6wiaJfQicCaKdl2RU3riNA4G85e32CrySn3+r4nugeiGUNmLmJTGwe70KAk\/1yl9pMbVr5iHiC9EbAQT5A7z5A7T4TYSnVnoygnZfgnZfuECQJNyxBglNPC+n9m4t\/W08TtywpdWYdWjkRxmhkajaDCz+gK\/mbTitDTyIYj\/DM6dFql13rAhhOsl+TepFcV7R+E2EVmvzPoJ2X4J2X7hAs1lDgaitKFA3cxLdFsLwt7VebQyms4a6o\/fivZtKo8AkJ6dL4w4Dn4+\/vC\/\/JsKeSIScYYBOpqnxxVMZ+XWFxvhNhIui\/9KCdl+Cdl+4QKesUvPGk3pcExPSpjjyYak+S\/zgRaKyCtkCAnADlTupsK\/kU6vbTyjVeYLvjRqhlLfuaobh1XsP1yYWbMEwCkP4TYROL5ObgnZfgnZfuEBjjxCUsfvwMHRxTE5YrP7+ISCuREmPbKrzjoabqIoNEUz\/YRnAV2w6k47DZjKIksCMD5bt88unhn0EsLYp\/SzX+E2EXkQ3ooJ2X4J2X7hAPuP3gMJbiMdT+jVwpl443XaSBNUfQ0qZUmbru+9L8er4h7zKFM+7c1K4WVxLv0mgiZa++5g5WXQyn8nQTgubb\/hNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4TYQj6yXYgnZfgnZfuEC5nQSZ\/xzD17vSEoHg\/jtmGLuRaM3q97\/3Czva8FggRyrw44MHO8OtruMk8OoTJc88hHmdKvMBoeGC+K0eEhFi+E2Ep1ZKIYJ2XYJ2XbhAYZoPsgtYlBM737vFkYUTo\/9EphiWRNvy3F9PFQKE60Wg2vh7fDKeVFJ2s+C3+rlsvule\/8FMZch7lhCdhu+rUPhNhJ3mmFeCdl+Cdl+4QGQs+WUN2IadQlJdv2hYAS47TWT0deczhHq293QjQaQ5dBSGXZU4dOj17ZGw5OHFM97hStHWuydqVFmyRxRg\/w34TYQ050sDgsVJgsVJuEDzSXu93jNII3idYaebqM1QwrATGCoZMfOLWHKo8\/HNEvGmOW1TsZdycKJciiZgh6ud1sRz67L9tP+HeODfKFTV+E2EDfsOx4J2X4J2X7hAH7mV1eGOz5WoeIocWFwRYF7ZVBDRcdtaFFH5u23BFJ62FH1ch71cEmxc8OtYpiPqb2N3y6mQjsQPeWAgtQws9vhNhCPknjSCdl+Cdl+4QFeAPtyTjNbAmZsxJ+YSStMfUptpi+Ck9CtWlo\/Fnkmot5zzhg4wYebjEaqIDMNNKgYreTwT+o6X4euclIzcKBSEXhYgYA=="}
01017{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1578508364954,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_msec":1578508364954,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHF1J5AACwRm8sjtPapwKgBuHZddl8BsQR1SNeP1ZrG\/ZwtEcGW5vGA0sDGp78prdWhxHtDqEDU7PNKL6kZEdICkE\/ClTr5riDvJ\/S0Juy5pZvsiDZ34LyanRNXXRjpzjohXnlvDARKWl\/FPyuFUx\/5q7iG79kKNiaGAAT5AUT5ATz4TYS5GczRgm\/xgm\/xuEBa13f1PeAY+pXn+QDG2H2vRnbUjALc47yKM1DGaLaCBXAmqDZbTzNfSqGBTAVPFFnsJtnCFC0Fv0w0bIIRmdWp+E2EijsROoJ2X4J2X7hAJi3PrTUi8k0+hp72TGveiEIya6qIgjO27CDPgcM2XClPC4ML\/96HDCNIKvA6L6b3KKoTFoGm44u2hTJ2hJ9PJvhNhM+0ztiCdl+Cdl+4QCCTHaJCBMKOiAeM0+J0ILaNmDQGKBpq95aDifzAyS6BBPIijEGzkyTvF6L1V27y7PdVSWOVkbAaliLEx1mlVCv4TYRf2EBxgnX+gnX+uEAuHZY2QcmV8WQCz4M\/VG5LfG7tHam\/sFovnjhq\/yEXmxTFgIMHUbncizgn1Jn7XeiL7CoOoCVHxB7uvvn28VO3hF4WIGA="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1578508364957,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364957,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGw5PR+vDNwKgBuHZf3T7\/g0hGkL7bbKAScSAsgwAAAgQFrAQCCAoN8FcJItiVxgEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1578508364957,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364957,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtZvAqAG40frwzd0+dl+Qvtts\/4NIR4AQECy8HAAAAQEICiLYleUN8FcJ"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364924,"flow_last_seen":1578508364958,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508364958,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364924,"flow_last_seen":1578508364958,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"midstream":0,"thread_ts_msec":1578508364958,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1578508364990,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364990,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGxNei5B2gwKgBuHZf3TsLfbp+uLewXqAScSA1yAAAAgQFrAQCCArR1xFdItiVcAEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1578508364990,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364990,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGt9\/AqAG4ouQdoN07dl+4t7BeC326f4AQECzE7QAAAQEICiLYlgPR1xFd"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364832,"flow_last_seen":1578508364991,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508364991,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365009,"flow_last_seen":1578508365009,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365009,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364832,"flow_last_seen":1578508364991,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":413,"midstream":0,"thread_ts_msec":1578508364991,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365009,"flow_last_seen":1578508365009,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365009,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1578508365009,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365009,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGb3XAqAG4kFt4h91Bdl90OGLhAAAAALAC\/\/+IEgAAAgQFtAEDAwUBAQgKItiWFAAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365021,"flow_last_seen":1578508365021,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365021,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365021,"flow_last_seen":1578508365021,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365021,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1578508365021,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365021,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGuz\/AqAG4sj4K2t1Cdl8xVnl5AAAAALAC\/\/8AHAAAAgQFtAEDAwUBAQgKItiWHgAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365029,"flow_last_seen":1578508365029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365029,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365029,"flow_last_seen":1578508365029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365029,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1578508365029,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqGLAqAG4sj4dt91Ddl+W2yuDAAAAALAC\/\/\/VpgAAAgQFtAEDAwUBAQgKItiWJgAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365038,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365038,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1578508365038,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365038,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG\/kfAqAG4DeZsKt1Edl+KMGOvAAAAALAC\/\/8AAwAAAgQFtAEDAwUBAQgKItiWLQAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1578508365039,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365039,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGe3mQW3iHwKgBuHZf3UEpl2emdDhi4qAScSAVuAAAAgQFrAQCCArbhaVwItiWFAEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1578508365039,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365039,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGb4HAqAG4kFt4h91Bdl90OGLiKZdnp4AQECylVgAAAQEICiLYli7bhaVw"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365009,"flow_last_seen":1578508365040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1578508365040,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365045,"flow_last_seen":1578508365045,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365045,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365009,"flow_last_seen":1578508365040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"midstream":0,"thread_ts_msec":1578508365040,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365045,"flow_last_seen":1578508365045,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365045,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1578508365045,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365045,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGOT7AqAG4uduFPt1Fdl+PNscoAAAAALAC\/\/\/ScwAAAgQFtAEDAwUBAQgKItiWMgAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1578508365063,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365063,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMG2uES26efwKgBuHZf3T9fy8\/Lfuf1H6ASaN8cNgAAAgQFrAQCCAoSyYNbItiVzQEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1578508365063,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365063,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/UfX8vPzIAQECyjNQAAAQEICiLYlkUSyYNb"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364932,"flow_last_seen":1578508365065,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":521,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1578508365065,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364932,"flow_last_seen":1578508365065,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":521,"midstream":0,"thread_ts_msec":1578508365065,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1578508365065,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGx0OyPgrawKgBuHZf3UIGbP5HMVZ5eqAScSDZAAAAAgQFrAQCCAoLgra+ItiWHgEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1578508365065,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365065,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGu0vAqAG4sj4K2t1Cdl8xVnl6Bmz+SIAQECxokQAAAQEICiLYlkYLgra+"}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1578508365065,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508365065,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHKIQAAEAR+iHAqAG4QipS9nZfdl8As8h52l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365021,"flow_last_seen":1578508365066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508365066,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365021,"flow_last_seen":1578508365066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"midstream":0,"thread_ts_msec":1578508365066,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1578508365074,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGtGayPh23wKgBuHZf3UMO43zOltsrhKAScSBk2gAAAgQFrAQCCArDycEqItiWJgEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1578508365074,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqG7AqAG4sj4dt91Ddl+W2yuEDuN8z4AQECz0awAAAQEICiLYlk3DycEq"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365029,"flow_last_seen":1578508365075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":469,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1578508365075,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365079,"flow_last_seen":1578508365079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365079,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365029,"flow_last_seen":1578508365075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":469,"midstream":0,"thread_ts_msec":1578508365075,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365079,"flow_last_seen":1578508365079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365079,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1578508365079,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365079,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbbDAqAG4rGlePt1Gdl8dOmrnAAAAALAC\/\/\/VAwAAAgQFtAEDAwUBAQgKItiWUQAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1578508365092,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365092,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGSEK524U+wKgBuHZf3UWdKkNsjzbHKaASbCBIRwAAAgQFdAQCCAp\/mc8NItiWMgEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1578508365092,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365092,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGOUrAqAG4uduFPt1Fdl+PNscpnSpDbYAQEAzSvAAAAQEICiLYll1\/mc8N"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365045,"flow_last_seen":1578508365094,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365094,"flow_last_seen":1578508365094,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365045,"flow_last_seen":1578508365094,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"midstream":0,"thread_ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365094,"flow_last_seen":1578508365094,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1578508365094,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365094,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGIHjAqAG4tqKhPd1Hdl8HffxGAAAAALAC\/\/8MGQAAAgQFtAEDAwUBAQgKItiWYAAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1578508365104,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365104,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGeqysaV4+wKgBuHZf3UajVVX7HTpq6KAS\/ojIGAAAAgQFrAQCCAobAQsKItiWUQEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1578508365104,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365104,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGbbzAqAG4rGlePt1Gdl8dOmroo1VV\/IAQECzlIgAAAQEICiLYlmgbAQsK"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365079,"flow_last_seen":1578508365105,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":474,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508365105,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365153,"flow_last_seen":1578508365153,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365153,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365079,"flow_last_seen":1578508365105,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":474,"midstream":0,"thread_ts_msec":1578508365105,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365153,"flow_last_seen":1578508365153,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365153,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1578508365153,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365153,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWefAqAG4I+T6jN1Kdl95PEStAAAAALAC\/\/+LMAAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365154,"flow_last_seen":1578508365154,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365154,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365154,"flow_last_seen":1578508365154,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365154,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1578508365154,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365154,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4TfAqAG4iskMV91Ldl\/HR3E5AAAAALAC\/\/+X6AAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365169,"flow_last_seen":1578508365169,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365169,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365169,"flow_last_seen":1578508365169,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365169,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1578508365169,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365169,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGP33AqAG4sAmI0d1Mdl8ouUvbAAAAALAC\/\/+6CgAAAgQFtAEDAwUBAQgKItiWngAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1578508365186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365186,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG7zuKyQxXwKgBuHZf3Uu6UG6Lx0dxOqAScSDP1QAAAgQFrAQCCAq1b4mgItiWjwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":929,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1578508365186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365186,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4UPAqAG4iskMV91Ldl\/HR3E6ulBujIAQECxfbwAAAQEICiLYlq61b4mg"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365154,"flow_last_seen":1578508365187,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1578508365187,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365154,"flow_last_seen":1578508365187,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":417,"midstream":0,"thread_ts_msec":1578508365187,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1578508365189,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365189,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtk3AqAG4VdZsNN1Odl+\/h8KiAAAAALAC\/\/8jMQAAAgQFtAEDAwUBAQgKItiWsAAAAAAEAgAA"}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1578508365189,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365189,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcflcAAEARfx\/AqAG4Etunn3Zfdl8AiGnBB7Pc5ZlsDZTbUrqaaoRxeL1l7Crbcxf\/BOXFZNGdyZsOxpmBlW67u9+KWe59CkWnKw2GIsEnEKk87oxTf3me3BvKcrMQD0jXMXlBXiHkLViPnwRaOVxyx4odh7D\/BO97AAHdBMuEfwAAAYJ2X4J2X8mEEtunn4J2X4CEXhYgYQU="}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365194,"flow_last_seen":1578508365194,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365194,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365194,"flow_last_seen":1578508365194,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365194,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1578508365194,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365194,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGkX3AqAG4ynAcat1Pdl84sWAlAAAAALAC\/\/\/nsAAAAgQFtAEDAwUBAQgKItiWswAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1578508365201,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365201,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGTYGwCYjRwKgBuHZf3UxCOLg9KLlL3KAScSB8NwAAAgQFrAQCCAqsVDbiItiWngEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1578508365202,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365202,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGP4nAqAG4sAmI0d1Mdl8ouUvcQji4PoAQECwL1AAAAQEICiLYlrqsVDbi"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365169,"flow_last_seen":1578508365203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508365203,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365169,"flow_last_seen":1578508365203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"midstream":0,"thread_ts_msec":1578508365203,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1578508365210,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365210,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGY+sj5PqMwKgBuHZf3UovaHbWeTxErqASbgBmbgAAAgQFjAQCCAqaQodaItiWjwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1578508365210,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365210,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGWfPAqAG4I+T6jN1Kdl95PESuL2h214AQECjytwAAAQEICiLYlsKaQoda"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365153,"flow_last_seen":1578508365212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1578508365212,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365153,"flow_last_seen":1578508365212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":462,"midstream":0,"thread_ts_msec":1578508365212,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1578508365223,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365223,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGxFFV1mw0wKgBuHZf3U5vpmVtv4fCo6ASOJBjegAAAgQFrAQCCApls11ZItiWsAEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1578508365223,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365223,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtlnAqAG4VdZsNN1Odl+\/h8Kjb6ZlboAQECy6hQAAAQEICiLYls1ls11Z"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365189,"flow_last_seen":1578508365225,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1578508365225,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365226,"flow_last_seen":1578508365226,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365226,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365225,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":508,"midstream":0,"thread_ts_msec":1578508365225,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365226,"flow_last_seen":1578508365226,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365226,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1578508365226,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365226,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQk7AqAG4ikurvt1Rdl8erUWUAAAAALAC\/\/\/M9wAAAgQFtAEDAwUBAQgKItiW0AAAAAAEAgAA"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365239,"flow_last_seen":1578508365239,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365239,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365239,"flow_last_seen":1578508365239,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365239,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1578508365239,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365239,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQhrAqAG4neaYV91Sdl9OT1qyAAAAALAC\/\/+H9wAAAgQFtAEDAwUBAQgKItiW2wAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365271,"flow_last_seen":1578508365271,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365271,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365271,"flow_last_seen":1578508365271,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365271,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1578508365271,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365271,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLavAqAG4M6EXDN1Udl9XVw7PAAAAALAC\/\/+2RQAAAgQFtAEDAwUBAQgKItiW9wAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365279,"flow_last_seen":1578508365279,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365279,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365279,"flow_last_seen":1578508365279,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365279,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1578508365279,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365279,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxArAqAG4NAmARN1Vdl\/t7etbAAAAALAC\/\/\/ZeQAAAgQFtAEDAwUBAQgKItiW\/gAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365295,"flow_last_seen":1578508365295,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365295,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365295,"flow_last_seen":1578508365295,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365295,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1578508365295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365295,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbF\/AqAG4I+XoE91Wdl\/o6wkCAAAAALAC\/\/9pGwAAAgQFtAEDAwUBAQgKItiXDAAAAAAEAgAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365300,"flow_last_seen":1578508365300,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365300,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365300,"flow_last_seen":1578508365300,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365300,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1578508365300,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365300,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGD8rAqAG4fNnrtN1Xdl9L2gYiAAAAALAC\/\/+scgAAAgQFtAEDAwUBAQgKItiXEAAAAAAEAgAA"}
00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1578508365315,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_msec":1578508365315,"pkt":"KDc3AG3IEBMx8Tl2CABFAACymwlAACMRP1cS26efwKgBuHZfdl8AnsFrVj4puAH6ZgARKbHJmno0oUTDSx6ME3WyQvgYFdLFf82IMxF0n+9n2kTCv9WKp0W5OWAeoQIHesUQlOhBZUox8XuUKjSw2r\/cLxIh6clEUwjRudwx4mptlXU2a3WMaDxBAALzy4RPFs69gun3gnZfoAez3OWZbA2U21K6mmqEcXi9Zewq23MX\/wTlxWTRncmbhF4WIGEK"}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1578508365315,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365315,"pkt":"KDc3AG3IEBMx8Tl2CABFAACcmwpAACMRP2wS26efwKgBuHZfdl8AiLphceZOwZGufNXFAvXWI774ooc6PkwC6kxvzCm0BhiTs\/TWig3gE4P3+Y0lY\/Fll4rTUKnacLSuqKdSUAk7eTbz218E2dS8j3sLMJigll9ziTSt7jKgE6R7GxELpoJhO+ReAQHdBMuEEtunn4J2X4J2X8mETxbOvYLp94CEXhYgYQo="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365408,"flow_last_seen":1578508365408,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508365408,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365408,"flow_last_seen":1578508365408,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508365408,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1578508365408,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1578508365408,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdhY9AAC4RWjq3gfKkwKgBuAQAdl8AiS5Y3VkKujBE9K5giYMoNotbt65xxd7ko3VSXKgTCSaupxKnp71rmT0XRsX6xoF5macEurqmdfib0\/9m0ybRIVy\/Qzz+\/\/zwyKtEHKyC9Xjjwvc8TLpzNetXjDWFS0pbC\/Z0AQHeBcuErBRsfYJ2X4J2X8uETxbOvYLp94J2X4ReFiBh"}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365408,"flow_last_seen":1578508365408,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508365408,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365408,"flow_last_seen":1578508365408,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508365408,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1578508365409,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_msec":1578508365409,"pkt":"EBMx8Tl2KDc3AG3ICABFAACy8oAAAEARGzTAqAG4t4HypHZfBAAAnqbvG70JBv5PXjvCBbR1Rp7tYoTQJi2jMUD7JOn6eWv9REwRmFSXtYoHsvszWP\/amLZkv0asbrMZoJOaxU2yggG3KzVpk0IKmRZiX\/KGqSOqaOPD2NnZ\/WIPpNjQN9gDidCOAQLzy4S3gfKkggQAgnZfoN1ZCrowRPSuYImDKDaLW7euccXe5KN1UlyoEwkmrqcShF4WIGEF"}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1578508365409,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365409,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc4fIAAEARK9jAqAG4t4HypHZfBAAAiACVOpGBWjTeJor2OHTFdIkJfHanNwusT7Z+X6ZhMccUpEYH1blVudB+7Lhiy59WZ4RAivu0dgr\/6z5c18c2wNa0j2NMO4UV7uXk8QqS8l0iv7COflKJEb7GBR6jLr1IE7ZSAQHdBMuEfwAAAYJ2X4J2X8mEt4HypIIEAICEXhYgYQU="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1578508365411,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365411,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGPK8zoRcMwKgBuHZf3VQuhVQAV1cO0KAScSARYwAAAgQFrAQCCAo+6INOItiW9wEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1578508365411,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365411,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLbfAqAG4M6EXDN1Udl9XVw7QLoVUAYAQECygnAAAAQEICiLYl3Y+6INO"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1320,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365271,"flow_last_seen":1578508365413,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":573,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1578508365413,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1320,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365271,"flow_last_seen":1578508365413,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":573,"midstream":0,"thread_ts_msec":1578508365413,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1578508365419,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365419,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGUh6d5phXwKgBuHZf3VIVkuQhTk9as6AScSDAlwAAAgQFrAQCCAq827CpItiW2wEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1578508365419,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365419,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQibAqAG4neaYV91Sdl9OT1qzFZLkIoAQECxPsAAAAQEICiLYl3u827Cp"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365239,"flow_last_seen":1578508365420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1578508365420,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365239,"flow_last_seen":1578508365420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":583,"midstream":0,"thread_ts_msec":1578508365420,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1578508365458,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365458,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwG2AY0CYBEwKgBuHZf3VXR7JfX7e3rXKASaN9TlwAAAgQFrAQCCAqDIEEYItiW\/gEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1578508365458,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365458,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxBbAqAG4NAmARN1Vdl\/t7etc0eyX2IAQECzabQAAAQEICiLYl5+DIEEY"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365279,"flow_last_seen":1578508365460,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508365460,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365461,"flow_last_seen":1578508365461,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365461,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365279,"flow_last_seen":1578508365460,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"midstream":0,"thread_ts_msec":1578508365460,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365461,"flow_last_seen":1578508365461,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365461,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1578508365461,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365461,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcQtMAAEARjkPAqAG4ynAcanZfdl8AiDkPCEixaJX\/9thQC0r9cGcsCeen+iETb10JXBU9BZQL28M1nK8vCE6bMd2SC2XGliMqSbi8oqYHUjyrBa753h2KySNTFNso18+nMzMVWvdibnHX4lluxe+\/vRPiYB2kYX3uAAHdBMuEfwAAAYJ2X4J2X8mEynAcaoJ2X4CEXhYgYQU="}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365461,"flow_last_seen":1578508365461,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365461,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365461,"flow_last_seen":1578508365461,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365461,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1578508365465,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365465,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGNXy2oqE9wKgBuHZf3Ueh\/8nUB338R6ASOJDbwAAAAgQFrAQCCAo8EmDbItiWYAEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1578508365465,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365465,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGIITAqAG4tqKhPd1Hdl8HffxHof\/J1YAQECwxpAAAAQEICiLYl6U8EmDb"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1345,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365094,"flow_last_seen":1578508365466,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1578508365466,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1345,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365094,"flow_last_seen":1578508365466,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":522,"midstream":0,"thread_ts_msec":1578508365466,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1578508365485,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365485,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GVVKKS6u+wKgBuHZf3VEGdfqIHq1FlaAS\/og\/VgAAAgQFrAQCCAqkAfsSItiW0AEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1578508365485,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365485,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQlrAqAG4ikurvt1Rdl8erUWVBnX6iYAQECxbjgAAAQEICiLYl7mkAfsS"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365226,"flow_last_seen":1578508365487,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1578508365487,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365567,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365226,"flow_last_seen":1578508365487,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":539,"midstream":0,"thread_ts_msec":1578508365487,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365567,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1578508365567,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365567,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcHIoAAEARCbPAqAG4agwnqHZfdn0AiGszdDnl2LgHwUzwnp\/NUaAjl2\/6ukAyoGtKBC9U9NcJJ2SSjY1bIBQONPG3UmfcMXvTBTN6oZMu6GXIBxr9UadDckfonN6CsHl3H7EBI7wV8mnDuf+AbUa\/i02tPDo+DL09AAHdBMuEfwAAAYJ2X4J2X8mEagwnqIJ2fYCEXhYgYQU="}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365567,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365588,"flow_last_seen":1578508365588,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365588,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365567,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365588,"flow_last_seen":1578508365588,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365588,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1578508365588,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365588,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVs\/AqAG4p1Z6Mt1edl9ccbjwAAAAALAC\/\/8vAQAAAgQFtAEDAwUBAQgKItiYGgAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365592,"flow_last_seen":1578508365592,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365592,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365592,"flow_last_seen":1578508365592,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365592,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1578508365592,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365592,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLq7AqAG4VmvzPt1fdl9sf4vVAAAAALAC\/\/8j6AAAAgQFtAEDAwUBAQgKItiYHgAAAAAEAgAA"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1578508365593,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365593,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAADQGeGsj5egTwKgBuHZf3VbzHyaM6OsJA4ASbvDSjgAAAgQFjAEBBAIBAwMH"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1578508365593,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1578508365593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGbHfAqAG4I+XoE91Wdl\/o6wkD8x8mjVAQIABiKQAA"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1389,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365295,"flow_last_seen":1578508365594,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":435,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1578508365594,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1389,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365295,"flow_last_seen":1578508365594,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":435,"midstream":0,"thread_ts_msec":1578508365594,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1578508365619,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365619,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGH3XAqAG4BQFT4t0xdl\/cLTE7AAAAALAC\/\/\/\/rwAAAgQFtAEDAwUBAQgKItiYNwAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1578508365628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365628,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGqoHKcBxqwKgBuHZf3U9YWyaeOLFgJqAScSDw0wAAAgQFrAQCCAonH\/CcItiWswEDAwg="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1578508365628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365628,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGkYnAqAG4ynAcat1Pdl84sWAmWFsmn4AQECx\/AQAAAQEICiLYmD8nH\/Cc"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365194,"flow_last_seen":1578508365630,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":494,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1578508365630,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365194,"flow_last_seen":1578508365630,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":494,"midstream":0,"thread_ts_msec":1578508365630,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1578508365631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGPLJWa\/M+wKgBuHZf3V\/moIrRbH+L1qAScSBDVwAAAgQFrAQCCApQzL4rItiYHgEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1578508365631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365631,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLrrAqAG4VmvzPt1fdl9sf4vW5qCK0oAQECzS7AAAAQEICiLYmEFQzL4r"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1578508365631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGY9OnVnoywKgBuHZf3V5M8kZiXHG48aAScSAfsAAAAgQFrAQCCArTe0haItiYGgEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1578508365631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365631,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVtvAqAG4p1Z6Mt1edl9ccbjxTPJGY4AQECyvQQAAAQEICiLYmEHTe0ha"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365592,"flow_last_seen":1578508365632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1578508365632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365588,"flow_last_seen":1578508365633,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1578508365633,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365592,"flow_last_seen":1578508365632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"midstream":0,"thread_ts_msec":1578508365632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365588,"flow_last_seen":1578508365633,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"midstream":0,"thread_ts_msec":1578508365633,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1578508365688,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365688,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwGI8Z82eu0wKgBuHZf3VfxiPe9S9oGI6AScSAoCwAAAgQFrAQCCArI+HIBItiXEAEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1578508365688,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365688,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGD9bAqAG4fNnrtN1Xdl9L2gYj8Yj3voAQECy2XAAAAQEICiLYmHfI+HIB"}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365300,"flow_last_seen":1578508365690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":545,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508365690,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365701,"flow_last_seen":1578508365701,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365701,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365300,"flow_last_seen":1578508365690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":545,"midstream":0,"thread_ts_msec":1578508365690,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365701,"flow_last_seen":1578508365701,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365701,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1578508365701,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365701,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7OLAqAG4i6L\/0t1gdl\/B\/P6FAAAAALAC\/\/8ZigAAAgQFtAEDAwUBAQgKItiYggAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365712,"flow_last_seen":1578508365712,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365712,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365712,"flow_last_seen":1578508365712,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365712,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1578508365712,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365712,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlo3AqAG4Ti+Tm91hdl8xKZuYAAAAALAC\/\/+26gAAAgQFtAEDAwUBAQgKItiYjAAAAAAEAgAA"}
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1521,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1578508365736,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508365736,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHpIMAAEARoqnAqAG4b+UAtHZfTtYAsxSK2l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365741,"flow_last_seen":1578508365741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365741,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365741,"flow_last_seen":1578508365741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365741,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1578508365741,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365741,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4nHAqAG4XkQ3ot1idl9YCAHzAAAAALAC\/\/91dwAAAgQFtAEDAwUBAQgKItiYqQAAAAAEAgAA"}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1578508365742,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365742,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG+uaLov\/SwKgBuHZf3WDeocLiwfz+hqAS\/ogDJwAAAgQFrAQCCArjm6OzItiYggEDAwc="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1578508365742,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365742,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7O7AqAG4i6L\/0t1gdl\/B\/P6G3qHC44AQECwgIAAAAQEICiLYmKrjm6Oz"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365701,"flow_last_seen":1578508365744,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508365744,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365751,"flow_last_seen":1578508365751,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365751,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365701,"flow_last_seen":1578508365744,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"midstream":0,"thread_ts_msec":1578508365744,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365751,"flow_last_seen":1578508365751,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365751,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1578508365751,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLpXAqAG4I+sl2N1jdl9d8bObAAAAALAC\/\/8KAAAAAgQFtAEDAwUBAQgKItiYsQAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1578508365752,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365752,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GqJFOL5ObwKgBuHZf3WHPYyPBMSmbmaAScSA0jAAAAgQFrAQCCApPJ9\/rItiYjAEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1578508365753,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365753,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlpnAqAG4Ti+Tm91hdl8xKZuZz2MjwoAQECzEHgAAAQEICiLYmLJPJ9\/r"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365712,"flow_last_seen":1578508365754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1578508365754,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365712,"flow_last_seen":1578508365754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":567,"midstream":0,"thread_ts_msec":1578508365754,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1578508365776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365776,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADsGM5kj6yXYwKgBuHZf3WOqScTQXfGznKAS\/ohykQAAAgQFrAQCCAo1IQWkItiYsQEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1578508365777,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365777,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLqHAqAG4I+sl2N1jdl9d8bOcqknE0YAQECyPmwAAAQEICiLYmMg1IQWk"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365751,"flow_last_seen":1578508365778,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":530,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508365778,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365751,"flow_last_seen":1578508365778,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":530,"midstream":0,"thread_ts_msec":1578508365778,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1578508365781,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508365781,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHjqoAAEARyLjAqAG40WGPAXZfw1AAs7BF2l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1578508365813,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365813,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAG8nVeRDeiwKgBuHZf3WKbomHRWAgB9KAScSDEJQAAAgQFrAQCCAppF+qfItiYqQEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1578508365813,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365813,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4n3AqAG4XkQ3ot1idl9YCAH0m6Jh0oAQECxToAAAAQEICiLYmOdpF+qf"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365741,"flow_last_seen":1578508365814,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508365814,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365828,"flow_last_seen":1578508365828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365828,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365741,"flow_last_seen":1578508365814,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"midstream":0,"thread_ts_msec":1578508365814,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365828,"flow_last_seen":1578508365828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365828,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1578508365828,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365828,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGW5bAqAG4DfsOx91mdl9PCwRhAAAAALAC\/\/\/02wAAAgQFtAEDAwUBAQgKItiY9AAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365846,"flow_last_seen":1578508365846,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365846,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365846,"flow_last_seen":1578508365846,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365846,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1578508365846,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365846,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtj\/AqAG4I+SeNN1ndl9FuX9aAAAAALAC\/\/\/dzAAAAgQFtAEDAwUBAQgKItiZBAAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365852,"flow_last_seen":1578508365852,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365852,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365852,"flow_last_seen":1578508365852,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365852,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1578508365852,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365852,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG3OLAqAG4ijsROt1odl\/ttHvbAAAAALAC\/\/9f7QAAAgQFtAEDAwUBAQgKItiZCQAAAAAEAgAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365885,"flow_last_seen":1578508365885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365885,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365885,"flow_last_seen":1578508365885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365885,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1578508365885,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365885,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG2crAqAG4z7TO2N1pdl+dzwtmAAAAALAC\/\/8dEQAAAgQFtAEDAwUBAQgKItiZJwAAAAAEAgAA"}
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1770,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1578508365899,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1578508365899,"pkt":"KDc3AG3IEBMx8Tl2CABFAACxNvdAACcRcwrKcBxqwKgBuHZfdl8AnfAw9M4wDHlezlLb\/XVAde5xoPK0MYWPqo8wL1hvUi9RDAnTme70\/IGTzT1fYmed3PImx\/QlqjXSlKRDpOJrSqown1EL4xkYxe9gDpH7mkxI5SW3Td37cSNZr69+s5vwesE7AQLyy4RPFs69gun3gnZfoAhIsWiV\/\/bYUAtK\/XBnLAnnp\/ohE29dCVwVPQWUC9vDhF4WIGE="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1771,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1578508365903,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365903,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADUGwUMj5J40wKgBuHZf3Weyx8H3Rbl\/W6AS\/ogN9wAAAgQFrAQCCAqAlezxItiZBAEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1772,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1578508365903,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365903,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtkvAqAG4I+SeNN1ndl9FuX9bssfB+IAQECwq5AAAAQEICiLYmTiAlezx"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365846,"flow_last_seen":1578508365904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508365904,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365919,"flow_last_seen":1578508365919,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365919,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365846,"flow_last_seen":1578508365904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"midstream":0,"thread_ts_msec":1578508365904,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365919,"flow_last_seen":1578508365919,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365919,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1578508365919,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365919,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc44MAAEARsuTAqAG4p1Z6MnZfdl8AiFGIcmRL\/sJ+HmBFF7n+UfEKJLvDdBgdKzSECJqxpMbuAWJCFnSyz1LOPGHXvK4XvgJfd8y9TVVaoZxiY0SgM1nuu1KcsxmveZ1Iboux45kEq0UHna5hbl98Bua+Zy2zz7pAAAHdBMuEfwAAAYJ2X4J2X8mEp1Z6MoJ2X4CEXhYgYQU="}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365919,"flow_last_seen":1578508365919,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365919,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365919,"flow_last_seen":1578508365919,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365919,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1578508365925,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365925,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMG5s7PtM7YwKgBuHZf3WknDwC1nc8LZ6AScSCqDAAAAgQFrAQCCApcfI6dItiZJwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1578508365926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365926,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2dbAqAG4z7TO2N1pdl+dzwtnJw8AtoAQECw5oAAAAQEICiLYmUxcfI6d"}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365885,"flow_last_seen":1578508365927,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1578508365927,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365885,"flow_last_seen":1578508365927,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"midstream":0,"thread_ts_msec":1578508365927,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1780,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1578508365951,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"thread_ts_msec":1578508365951,"pkt":"KDc3AG3IEBMx8Tl2CABFAACvrTpAADMRthqnVnoywKgBuHZfdl8AmyGXAff4avCCJKd8iLkYnGp5WBGcR5kwKjaGYfuGK7O5Pxha3PZrVargsE3sp+V969kCE0ZShXRyP212X0\/ogX+KLxU0BMrg9yur0MCSn4OC+hF8e78p1SovnEhcJv1j5UvsAALwyYSnVnoygnZfgKByZEv+wn4eYEUXuf5R8Qoku8N0GB0rNIQImrGkxu4BYoReFiBh"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366005,"flow_last_seen":1578508366005,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366005,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508366005,"flow_last_seen":1578508366005,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366005,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1578508366005,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366005,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGV9jAqAG4M1PtLN1sdl8dp4x2AAAAALAC\/\/+ZwwAAAgQFtAEDAwUBAQgKItiZlwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366020,"flow_last_seen":1578508366020,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366020,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508366020,"flow_last_seen":1578508366020,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366020,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1578508366020,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366020,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGwhnAqAG4WGNd291tdl+CSdQcAAAAALAC\/\/9XrgAAAgQFtAEDAwUBAQgKItiZpAAAAAAEAgAA"}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1862,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1578508366029,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+KMAAAAgQFtAEDAwUBAQgKItiZrAAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1578508366047,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366047,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GadwzU+0swKgBuHZf3WzP3gWFHaeMd6AScSA1dQAAAgQFrAQCCAppVMVvItiZlwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1578508366048,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366048,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGV+TAqAG4M1PtLN1sdl8dp4x3z94FhoAQECzFBwAAAQEICiLYmb1pVMVv"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1885,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366005,"flow_last_seen":1578508366049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":561,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1578508366049,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1885,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508366005,"flow_last_seen":1578508366049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":561,"midstream":0,"thread_ts_msec":1578508366049,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1886,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1578508366053,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366053,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQG6OaKOxE6wKgBuHZf3Wh1cVfy7bR73KAScSDVxwAAAgQFrAQCCArYuYPhItiZCQEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1887,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1578508366053,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366053,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG3O7AqAG4ijsROt1odl\/ttHvcdXFX84AQECxkxwAAAQEICiLYmcLYuYPh"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1888,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1578508366055,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1888,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"midstream":0,"thread_ts_msec":1578508366055,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1889,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1578508366058,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366058,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG0R1YY13bwKgBuHZf3W1kMpWvgknUHaAScSBLTAAAAgQFrAQCCApXTVsMItiZpAEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1890,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1578508366058,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366058,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwiXAqAG4WGNd291tdl+CSdQdZDKVsIAQECza4gAAAQEICiLYmcZXTVsM"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1891,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366020,"flow_last_seen":1578508366059,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1578508366059,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366073,"flow_last_seen":1578508366073,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366073,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1891,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508366020,"flow_last_seen":1578508366059,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":580,"midstream":0,"thread_ts_msec":1578508366059,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508366073,"flow_last_seen":1578508366073,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366073,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1578508366073,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366073,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPnfAqAG4zr1rI91udl8AOSk+AAAAALAC\/\/8AywAAAgQFtAEDAwUBAQgKItiZ0wAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1578508366081,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366081,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8jPoAACgGJqAN+w7HwKgBuHZf3WZ3LeB+TwsEYqASaN+zCgAAAgQFrAQCCAoTnX6eItiY9AEDAws="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1578508366081,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366081,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGW6LAqAG4DfsOx91mdl9PCwRidy3gf4AQECw5oQAAAQEICiLYmdkTnX6e"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366083,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"midstream":0,"thread_ts_msec":1578508366083,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1578508366117,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGSnvOvWsjwKgBuHZf3W6FBUsAADkpP6AScSCofQAAAgQFrAQCCApn2sBGItiZ0wEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1578508366117,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366117,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPoPAqAG4zr1rI91udl8AOSk\/hQVLAYAQECw4DwAAAQEICiLYmfpn2sBG"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366119,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1578508365226,"flow_last_seen":1578508366012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":1302,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1578508365045,"flow_last_seen":1578508365241,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365153,"flow_last_seen":1578508365387,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1578508365189,"flow_last_seen":1578508365942,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":2209,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365846,"flow_last_seen":1578508366076,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1268,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1578508365741,"flow_last_seen":1578508366031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":1803,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508364832,"flow_last_seen":1578508365305,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":1122,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365885,"flow_last_seen":1578508366042,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1332,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365295,"flow_last_seen":1578508365885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":1172,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364925,"flow_last_seen":1578508364954,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364697,"flow_last_seen":1578508364773,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508364664,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":1247,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Mining.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1578508364632,"flow_last_seen":1578508364787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":1065,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364682,"flow_last_seen":1578508364899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":1222,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508364523,"flow_last_seen":1578508364743,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365189,"flow_last_seen":1578508365331,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":1435,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1578508364522,"flow_last_seen":1578508365440,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":1274,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508362274,"flow_last_seen":1578508363333,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":64,"flow_first_seen":1578508365239,"flow_last_seen":1578508365961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":1758,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508365021,"flow_last_seen":1578508365192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365029,"flow_last_seen":1578508365211,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365588,"flow_last_seen":1578508365744,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508364732,"flow_last_seen":1578508365736,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364523,"flow_last_seen":1578508364723,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1218,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":453,"flow_tot_l4_payload_len":1207,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508365712,"flow_last_seen":1578508366123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":1842,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508365919,"flow_last_seen":1578508365951,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508364776,"flow_last_seen":1578508365781,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1578508364382,"flow_last_seen":1578508364651,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":3306,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365408,"flow_last_seen":1578508365790,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":554,"flow_avg_l4_payload_len":138,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1578508364523,"flow_last_seen":1578508364687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":1846,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508365194,"flow_last_seen":1578508366069,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00764{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508364937,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":470,"flow_tot_l4_payload_len":1169,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508364523,"flow_last_seen":1578508365656,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Mining.GoogleCloud","breed":"Acceptable","category":"Cloud"}}
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1578508365271,"flow_last_seen":1578508365838,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":1762,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1578508365279,"flow_last_seen":1578508366038,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1578508364714,"flow_last_seen":1578508364919,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":1168,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1578508365300,"flow_last_seen":1578508366073,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":1177,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365154,"flow_last_seen":1578508365257,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364654,"flow_last_seen":1578508364729,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1578508365079,"flow_last_seen":1578508365297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":1734,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508365169,"flow_last_seen":1578508365272,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508365461,"flow_last_seen":1578508365899,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":138,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365331,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1578508364523,"flow_last_seen":1578508365354,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1578508364522,"flow_last_seen":1578508364841,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364519,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508365097,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364421,"flow_last_seen":1578508364694,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365701,"flow_last_seen":1578508365828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365223,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1275,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1578508365094,"flow_last_seen":1578508365839,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1578508364924,"flow_last_seen":1578508365071,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":2045,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1578508364932,"flow_last_seen":1578508365309,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":1315,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508364659,"flow_last_seen":1578508365043,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":1158,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365511,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364650,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365751,"flow_last_seen":1578508365853,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1396,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508366005,"flow_last_seen":1578508366135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":1439,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364422,"flow_last_seen":1578508365065,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1578508365592,"flow_last_seen":1578508365773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1832,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1578508366020,"flow_last_seen":1578508366101,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508364522,"flow_last_seen":1578508365036,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1241,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365009,"flow_last_seen":1578508365126,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1312,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1578508364824,"flow_last_seen":1578508365152,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":1388,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"midstream":0,"thread_ts_msec":1578508366119,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1578508365226,"flow_last_seen":1578508366012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":1302,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":27,"flow_first_seen":1578508365045,"flow_last_seen":1578508365241,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":1560,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":24,"flow_first_seen":1578508365153,"flow_last_seen":1578508365387,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":1656,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1578508365189,"flow_last_seen":1578508365942,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":2209,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1578508365846,"flow_last_seen":1578508366076,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1268,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":21,"flow_first_seen":1578508365741,"flow_last_seen":1578508366031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":1803,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":16,"flow_first_seen":1578508364832,"flow_last_seen":1578508365305,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":1122,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1578508365885,"flow_last_seen":1578508366042,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1332,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":9,"flow_first_seen":1578508365295,"flow_last_seen":1578508365885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":1172,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364925,"flow_last_seen":1578508364954,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364697,"flow_last_seen":1578508364773,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364522,"flow_last_seen":1578508364664,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":1247,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Mining.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":19,"flow_first_seen":1578508364632,"flow_last_seen":1578508364787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":1065,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1578508364682,"flow_last_seen":1578508364899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":1222,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1578508364523,"flow_last_seen":1578508364743,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":1432,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1578508365189,"flow_last_seen":1578508365331,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":1435,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":24,"flow_first_seen":1578508364522,"flow_last_seen":1578508365440,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":1274,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508362274,"flow_last_seen":1578508363333,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":27,"flow_first_seen":1578508365239,"flow_last_seen":1578508365961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":1758,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1578508365021,"flow_last_seen":1578508365192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":1260,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":23,"flow_first_seen":1578508365029,"flow_last_seen":1578508365211,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":1379,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1578508365588,"flow_last_seen":1578508365744,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":1238,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364732,"flow_last_seen":1578508365736,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1578508364523,"flow_last_seen":1578508364723,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1218,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523,"flow_last_seen":1578508365220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":453,"flow_tot_l4_payload_len":1207,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":9,"flow_first_seen":1578508365712,"flow_last_seen":1578508366123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":1842,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1578508365919,"flow_last_seen":1578508365951,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":275,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364776,"flow_last_seen":1578508365781,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1578508364382,"flow_last_seen":1578508364651,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":3306,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1578508365408,"flow_last_seen":1578508365790,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":554,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":37,"flow_first_seen":1578508364523,"flow_last_seen":1578508364687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":1846,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":6,"flow_first_seen":1578508365194,"flow_last_seen":1578508366069,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":1326,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00771{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523,"flow_last_seen":1578508364937,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":470,"flow_tot_l4_payload_len":1169,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1578508364523,"flow_last_seen":1578508365656,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1379,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Mining.GoogleCloud","breed":"Acceptable","category":"Cloud"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":29,"flow_first_seen":1578508365271,"flow_last_seen":1578508365838,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":1762,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":23,"flow_first_seen":1578508365279,"flow_last_seen":1578508366038,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1652,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1578508364714,"flow_last_seen":1578508364919,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":1168,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":5,"flow_first_seen":1578508365300,"flow_last_seen":1578508366073,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":1177,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1578508365154,"flow_last_seen":1578508365257,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":1048,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364654,"flow_last_seen":1578508364729,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":24,"flow_first_seen":1578508365079,"flow_last_seen":1578508365297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":1734,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1578508365169,"flow_last_seen":1578508365272,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1263,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1578508365461,"flow_last_seen":1578508365899,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":277,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523,"flow_last_seen":1578508365331,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1153,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":22,"flow_first_seen":1578508364523,"flow_last_seen":1578508365354,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":1197,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1578508364522,"flow_last_seen":1578508364841,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364382,"flow_last_seen":1578508364519,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364522,"flow_last_seen":1578508365097,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":1261,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364421,"flow_last_seen":1578508364694,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1578508365701,"flow_last_seen":1578508365828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1046,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523,"flow_last_seen":1578508365223,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1275,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":5,"flow_first_seen":1578508365094,"flow_last_seen":1578508365839,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":1202,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":28,"flow_first_seen":1578508364924,"flow_last_seen":1578508365071,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":2045,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":19,"flow_first_seen":1578508364932,"flow_last_seen":1578508365309,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":1315,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1578508364659,"flow_last_seen":1578508365043,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":1158,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523,"flow_last_seen":1578508365511,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":1280,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364382,"flow_last_seen":1578508364650,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1578508365751,"flow_last_seen":1578508365853,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1396,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":7,"flow_first_seen":1578508366005,"flow_last_seen":1578508366135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":1439,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1578508364422,"flow_last_seen":1578508365065,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":448,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":20,"flow_first_seen":1578508365592,"flow_last_seen":1578508365773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1832,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":3,"flow_first_seen":1578508366020,"flow_last_seen":1578508366101,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":1153,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1578508364522,"flow_last_seen":1578508365036,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1241,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1578508365009,"flow_last_seen":1578508365126,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1312,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":23,"flow_first_seen":1578508364824,"flow_last_seen":1578508365152,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":1388,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-payload-len":86968,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":74,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":432,"global_ts_msec":1578508366135}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2000/2000
@@ -438,8 +438,8 @@
~~ total active/idle flows...: 74/74
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6146721 bytes
~~ total memory freed........: 6146721 bytes
~~ total memory allocated....: 6147313 bytes
~~ total memory freed........: 6147313 bytes
~~ total allocations/frees...: 123172/123172
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 459 chars


@@ -1,29 +1,29 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ethernetIP.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1352718180263}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7580000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":1,"thread_ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7580000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"midstream":1,"thread_ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1352718180263,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_msec":1352718180263,"pkt":"AAC80WDaeOfR4AJeCABFAAB6cCZAAIAGAACNUQAKjVEAU8RjrxLdiI2HlJVDUVAY+XQbbAAAcAA6AAABAhAAAAAAGjkvAAAAAAAAAAAAAAAAAAoAAgChAAQACRM1ALEAJgDkagoCIAIkAQIABgASAEwCIHIkAADOBAABAEwCIHIkACw9BAABAA=="}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7580000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":1,"thread_ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7580000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"midstream":1,"thread_ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1352718180264,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1352718180264,"pkt":"eOfR4AJeAAC80WDaCABFAAAowW9AAEAGXmGNUQBTjVEACq8SxGOUlUNR3YiN2VAQD8bOTwAAAAAAAI1R"}
02070{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1352718180264,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1258,"pkt_l4_len":1224,"thread_ts_msec":1352718180264,"pkt":"AAC80WDaeOfR4AJeCABFAATccChAAIAGAACNUQAKjVEAU8RjrxLdiI3ZlJVDUVAY+XQfzgAAcAAsAAABAhAAAAAAGzkvAAAAAAAAAAAAAAAAAAoAAgChAAQAChU1ALEAGACvuAoCIAIkAQEABABMAiByJAAEggYAAQBwADoAAAECEAAAAAAcOS8AAAAAAAAAAAAAAAAACgACAKEABAAFCzUAsQAmAHuyCgIgAiQBAgAGABIATAIgciQAGLcEAAEATAIgciQAvFQGAAEAcAAsAAABAhAAAAAAHTkvAAAAAAAAAAAAAAAAAAoAAgChAAQABg01ALEAGAAHpAoCIAIkAQEABABMAiByJAAEggYAAQBwAKoAAAECEAAAAAAeOS8AAAAAAAAAAAAAAAAACgACAKEABAABAzUAsQCWABkzCgIgAiQBCgAWACIALgA6AEYAUgBeAGoAdgCCAEwCIHIkAHR\/BwABAEwCIHIkANiMBAABAEwCIHIkAITEBAABAEwCIHIkAAznBQABAEwCIHIkABh0BwABAEwCIHIkADS+BgABAEwCIHIkABDjBAABAEwCIHIkADQ\/BgABAEwCIHIkADS8BQABAEwCIHIkADTGBgABAHAA4gAAAQIQAAAAAB85LwAAAAAAAAAAAAAAAAAKAAIAoQAEAAIFNQCxAM4AoxkKAiACJAEOAB4AKgA2AEIATgBaAGYAcgB+AIoAlgCiAK4AugBMAiByJACUpgQAAQBMAiByJABAoQYAAQBMAiByJADc\/QUAAQBMAiByJAD0hgUABgBMAiByJAAs5QUAAQBMAiByJACYFAcAAQBMAiByJACkkwYAAQBMAiByJABstwQABABMAiByJAA8cgQAAQBMAiByJAC8oAQAAQBMAiByJABQpQUAAQBMAiByJABY4wQAAQBMAiByJAC4xwcAAwBMAiByJAC0zwQAAQBwACwAAAECEAAAAAAgOS8AAAAAAAAAAAAAAAAACgACAKEABAADBzUAsQAYAHenCgIgAiQBAQAEAEwCIHIkAGiiBwAJAHAAwgEAAQIQAAAAACE5LwAAAAAAAAAAAAAAAAAKAAIAoQAEAAQJNQCxAK4Bf58KAiACJAEeAD4ASgBWAGIAbgB6AIYAkgCeAKoAtgDCAM4A2gDmAPIA\/gAKARYBIgEuAToBRgFSAV4BagF2AYIBjgGaAUwCIHIkAIx0BwABAEwCIHIkAKiiBwABAEwCIHIkAJg0BAABAEwCIHIkADgxBwABAEwCIHIkAChvBgABAEwCIHIkACiNBgABAEwCIHIkAAgQBgABAEwCIHIkANRpBwABAEwCIHIkAEB1BgABAEwCIHIkAPQcBgABAEwCIHIkAOwZBgABAEwCIHIkAIizBwABAEwCIHIkAOQgBgABAEwCIHIkAMgaBgABAEwCIHIkAGQ5BwABAEwCIHIkADi\/BgABAEwCIHIkACivBQABAEwCIHIkABwhBgABAEwCIHIkAEj1BQABAEwCIHIkAFT1BgABAEwCIHIkAAA8BgABAEwCIHIkAMRfBwABAEwCIHIkALCqBQABAEwCIHIkAKC1BgABAEwCIHIkAMT8BwABAEwCIHIkAMB0
BgABAEwCIHIkAEzoBwABAEwCIHIkAGguBAABAEwCIHIkAHyvBQABAEwCIHIkALwJBgABAA=="}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180265,"flow_last_seen":1352718180265,"flow_idle_time":7580000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1352718180265,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180265,"flow_last_seen":1352718180265,"flow_idle_time":7580000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"midstream":1,"thread_ts_msec":1352718180265,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1352718180265,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1352718180265,"pkt":"eOfR4AJeAAC8x85WCABFAABwk1RAAEAGjEiNUQA\/jVEACq8SzXF9dCfmE+ef0VAYEACJaQAAcAAwAAAFAhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAncYAgLEAHAAzNYoAAAACAAYADgDMAAAAAQAAAMwAAAAFAAAA"}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180265,"flow_last_seen":1352718180265,"flow_idle_time":7580000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1352718180265,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180265,"flow_last_seen":1352718180265,"flow_idle_time":7580000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"midstream":1,"thread_ts_msec":1352718180265,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1352718180265,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1352718180265,"pkt":"AAC8x85WeOfR4AJeCABFAAF0cCpAAIAGAACNUQAKjVEAP81xrxIT55\/RfXQoLlAY9kIcUgAAcAA6AAAFAhMAAAAAZsC+AAAAAAAAAAAAAAAAAAoAAgChAAQABy8uALEAJgDoRwoCIAIkAQIABgASAEwCIHIkABi3BAABAEwCIHIkADxUBgABAHAA4gAABQITAAAAAGfAvgAAAAAAAAAAAAAAAAAKAAIAoQAEAAMnLgCxAM4AUkkKAiACJAEOAB4AKgA2AEIATgBaAGYAcgB+AIoAlgCiAK4AugBMAiByJACUpgQAAQBMAiByJABEoQYAAQBMAiByJABc\/QUAAQBMAiByJAB0hgUABgBMAiByJACs5AUAAQBMAiByJACcFAcAAQBMAiByJACokwYAAQBMAiByJABstwQABABMAiByJAA8cgQAAQBMAiByJAC8oAQAAQBMAiByJADQpAUAAQBMAiByJABY4wQAAQBMAiByJAC8xwcAAwBMAiByJAC0zwQAAQA="}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1352718180276,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1352718180276,"pkt":"eOfR4AJeAAC8x85WCABFAABwk1ZAAEAGjEaNUQA\/jVEACq8SzXF9dCguE+ehHVAYEADbwgAAcAAwAAAFAhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAlcYAgLEAHADoR4oAAAACAAYADgDMAAAAAAAAAMwAAAAFAAAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180390,"flow_last_seen":1352718180390,"flow_idle_time":7580000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180390,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180390,"flow_last_seen":1352718180390,"flow_idle_time":7580000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180390,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1352718180390,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1352718180390,"pkt":"AAC8X0j6eOfR4AJeCABFAADqcEVAAIAGAACNUQAKjVEAK81yrxIurdArV0tI1VAY+M4btAAAcACqAAAEAhAAAAAAVgG6AAAAAAAAAAAAAAAAAAoAAgChAAQAASuWALEAlgBI5QoCIAIkAQoAFgAiAC4AOgBGAFIAXgBqAHYAggBMAiByJABI8gcAAQBMAiByJAAY8QQAAQBMAiByJABUPgUAAQBMAiByJAB42QcAAQBMAiByJAC8YQYAAQBMAiByJAAgzgQAAQBMAiByJAC8LgUAAQBMAiByJACcBgQAAQBMAiByJACwAQYAAQBMAiByJAD8DwQAAQA="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180390,"flow_last_seen":1352718180390,"flow_idle_time":7580000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180390,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180390,"flow_last_seen":1352718180390,"flow_idle_time":7580000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180390,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1352718180392,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1352718180392,"pkt":"eOfR4AJeAAC8X0j6CABFAADAqJJAAEAGds6NUQArjVEACq8SzXJXS0jVLq3Q7VAYEAA2UAAAcACAAAAEAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQApcYAgLEAbABI5YoAAAAKABYAHgAmAC4ANgA+AEYATgBWAF4AzAAAAGC0GD\/MAAAAM1O1QswAAAC1P4xBzAAAAAAAAADMAAAAYLQYP8wAAAAAAKBAzAAAAAAAAEDMAAAAAAAAAMwAAAAAAAAAzAAAAAAAAAA="}
01087{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1352718180392,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"thread_ts_msec":1352718180392,"pkt":"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"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180397,"flow_last_seen":1352718180397,"flow_idle_time":7580000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180397,"flow_last_seen":1352718180397,"flow_idle_time":7580000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1352718180397,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1352718180397,"pkt":"AAC8X0lReOfR4AJeCABFAADqcEpAAIAGAACNUQAKjVEAF\/T9rxIm2H0TxmFi41AY9W4boAAAcACqAAABAhAAAAAAo6iTAAAAAAAAAAAAAAAAAAoAAgChAAQAAQOLALEAlgBx7AoCIAIkAQQACgAoAEYAagBODJEWTE1TX0RJU0FCTEVfMkRTQ0FOTkVSMQEAAf9ODJEWTE1TX0RJU0FCTEVfMkRTQ0FOTkVSMgEAAf9OD5EbTE1TX0RJU0FCTEVfQkFSQ09ERV9TQ0FOTkVSAAEAAP5OD5EbTE1TX1NFVFBPSU5UQ0hBTkdFX1JFQ0VJVkVEAAEAAP4="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180397,"flow_last_seen":1352718180397,"flow_idle_time":7580000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180397,"flow_last_seen":1352718180397,"flow_idle_time":7580000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1352718180400,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1352718180400,"pkt":"eOfR4AJeAAC8X0lRCABFAAB0TSZAAEAG0pqNUQAXjVEACq8S9P3GYWLjJth91VAYEADGbgAAcAA0AAABAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAtccAgLEAIABx7IoAAAAEAAoADgASABYAzgAAAM4AAADOAAAAzgAAAA=="}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1352718180599,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1352718180599,"pkt":"AAC8X0lReOfR4AJeCABFAAAocJ5AAIAGAACNUQAKjVEAF\/T9rxIm2H3VxmFjL1AQ+vAa3gAA"}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1352718180263,"flow_last_seen":1352718180959,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1204,"flow_tot_l4_payload_len":3766,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1352718180397,"flow_last_seen":1352718181046,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2398,"flow_avg_l4_payload_len":109,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1352718180265,"flow_last_seen":1352718181047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":107,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1352718180390,"flow_last_seen":1352718181050,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2598,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":16,"flow_first_seen":1352718180263,"flow_last_seen":1352718180959,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1204,"flow_tot_l4_payload_len":3766,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1352718180397,"flow_last_seen":1352718181046,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2398,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1352718180265,"flow_last_seen":1352718181047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":3114,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":12,"flow_first_seen":1352718180390,"flow_last_seen":1352718181050,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2598,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":11876,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1352718181050}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 100/100
@@ -33,8 +33,8 @@
~~ total active/idle flows...: 4/4
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6009157 bytes
~~ total memory freed........: 6009157 bytes
~~ total memory allocated....: 6009189 bytes
~~ total memory freed........: 6009189 bytes
~~ total allocations/frees...: 120988/120988
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 458 chars


@@ -1,12 +1,12 @@
00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569434051004}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569434051004,"flow_last_seen":1569434051004,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569434051004,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569434051004,"flow_last_seen":1569434051004,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569434051004,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434051004,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569434051004,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434051324,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1569434051324,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569434051324,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569434051324,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALJAAIAGAJIKCRllkFtFw8ANAFC+hvgfPu\/YuVAQ+vAsqgAA"}
01022{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569434051324,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
01174{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569434051623,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
01040{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":703,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":679485,"flow_avg_l4_payload_len":966,"midstream":0,"thread_ts_msec":1569434056186,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"midstream":0,"thread_ts_msec":1569434051324,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
01179{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1613,"midstream":0,"thread_ts_msec":1569434051623,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
01047{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":203,"flow_dst_packets_processed":500,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":679485,"midstream":0,"thread_ts_msec":1569434056186,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","packets-captured":703,"packets-processed":703,"total-skipped-flows":0,"total-l4-payload-len":679485,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1569434056186}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 703/703
@@ -16,10 +16,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6023631 bytes
~~ total memory freed........: 6023631 bytes
~~ total memory allocated....: 6023639 bytes
~~ total memory freed........: 6023639 bytes
~~ total allocations/frees...: 121585/121585
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 459 chars
~~ json string max len.......: 1179 chars
~~ json string avg len.......: 795 chars
~~ json string max len.......: 1184 chars
~~ json string avg len.......: 797 chars


@@ -1,12 +1,12 @@
00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download_as_png.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569434903040}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569434903040,"flow_last_seen":1569434903040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569434903040,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569434903040,"flow_last_seen":1569434903040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569434903040,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434903040,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569434903040,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0Bk9AAIAGv+sKCRlluWJXucAtAFB7PMGWAAAAAIACIAAdNgAAAgQFtAEDAwgBAQQC"}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434903440,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1569434903440,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsESIAAIAG9SC5Yle5CgkZZQBQwC0vLgrVezzBl2AS+vAxRwAAAgQFtA=="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569434903440,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569434903440,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoBlJAAIAGv\/QKCRlluWJXucAtAFB7PMGXLy4K1lAQ+vBJBAAA"}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434903040,"flow_last_seen":1569434903441,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569434903441,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":0,"content_type":"","user_agent":"WinHTTP loader\/1.0"}}
01037{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434903040,"flow_last_seen":1569434904053,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1609,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569434904053,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}}
00927{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":534,"flow_first_seen":1569434903040,"flow_last_seen":1569434972556,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":500597,"flow_avg_l4_payload_len":937,"midstream":0,"thread_ts_msec":1569434972556,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569434903040,"flow_last_seen":1569434903441,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"midstream":0,"thread_ts_msec":1569434903441,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":0,"content_type":"","user_agent":"WinHTTP loader\/1.0"}}
01042{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569434903040,"flow_last_seen":1569434904053,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1609,"midstream":0,"thread_ts_msec":1569434904053,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}}
00934{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":163,"flow_dst_packets_processed":371,"flow_first_seen":1569434903040,"flow_last_seen":1569434972556,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":500597,"midstream":0,"thread_ts_msec":1569434972556,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00573{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","packets-captured":534,"packets-processed":534,"total-skipped-flows":0,"total-l4-payload-len":500597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1569434972556}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 534/534
@@ -16,10 +16,10 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6018661 bytes
~~ total memory freed........: 6018661 bytes
~~ total memory allocated....: 6018669 bytes
~~ total memory freed........: 6018669 bytes
~~ total allocations/frees...: 121415/121415
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 466 chars
~~ json string max len.......: 1042 chars
~~ json string avg len.......: 735 chars
~~ json string max len.......: 1047 chars
~~ json string avg len.......: 737 chars


@@ -1,20 +1,20 @@
00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"facebook.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1472393122365}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1472393122365,"flow_last_seen":1472393122365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1472393122365,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1472393122365,"flow_last_seen":1472393122365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1472393122365,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1472393122365,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393122365,"pkt":"mAyC0zx8MFLLbJwbCABFAAA84M9AAEAGjxHAqCsSQtycRMtiAbv14btyAAAAAKACchDLCQAAAgQFtAQCCAoAS1u9AAAAAAEDAwc="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1472393122668,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393122668,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAE0GYuFC3JxEwKgrEgG7y2LsHfNy9eG7c6ASNpzIhwAAAgQFeAQCCAq7uwhkAEtbvQEDAwg="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1472393122668,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1472393122668,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NBAAEAGjxjAqCsSQtycRMtiAbv14btz7B3zc4AQAOXLAQAAAQEICgBLXBi7uwhk"}
00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393122365,"flow_last_seen":1472393122668,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1472393122668,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
00918{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393122365,"flow_last_seen":1472393122981,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1472393122981,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
01363{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1472393122365,"flow_last_seen":1472393122982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3369,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":1472393122982,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","server_names":"*.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","alpn":"h2,spdy\/3.1,http\/1.1","fingerprint":"A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1472393123550,"flow_last_seen":1472393123550,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1472393123550,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1472393122365,"flow_last_seen":1472393122668,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":196,"midstream":0,"thread_ts_msec":1472393122668,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
00923{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1472393122365,"flow_last_seen":1472393122981,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1584,"midstream":0,"thread_ts_msec":1472393122981,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
01367{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1472393122365,"flow_last_seen":1472393122982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3369,"midstream":0,"thread_ts_msec":1472393122982,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","server_names":"*.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","alpn":"h2,spdy\/3.1,http\/1.1","fingerprint":"A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1472393123550,"flow_last_seen":1472393123550,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1472393123550,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1472393123550,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393123550,"pkt":"mAyC0zx8MFLLbJwbCABFAAA8dR1AAEAGZLPAqCsSHw1WJK5GAbsvASg9AAAAAKACchBhGgAAAgQFtAQCCAoAS10gAAAAAAEDAwc="}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1472393123682,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393123682,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAFMGxtAfDVYkwKgrEgG7rkZw6dh2LwEoPqASNpwMewAAAgQFeAQCCAolRdDWAEtdIAEDAwg="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1472393123682,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1472393123682,"pkt":"mAyC0zx8MFLLbJwbCABFAAA0dR5AAEAGZLrAqCsSHw1WJK5GAbsvASg+cOnYd4AQAOVhEgAAAQEICgBLXUglRdDW"}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393123550,"flow_last_seen":1472393123683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1472393123683,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393123550,"flow_last_seen":1472393123838,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1472393123838,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1472393122365,"flow_last_seen":1472393123665,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4475,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1472393123550,"flow_last_seen":1472393124229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":22044,"flow_avg_l4_payload_len":537,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1472393123550,"flow_last_seen":1472393123683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1472393123683,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1472393123550,"flow_last_seen":1472393123838,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"midstream":0,"thread_ts_msec":1472393123838,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1472393122365,"flow_last_seen":1472393123665,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4475,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":22,"flow_first_seen":1472393123550,"flow_last_seen":1472393124229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":22044,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":26519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":1472393124229}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 60/60
@@ -24,10 +24,10 @@
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6017198 bytes
~~ total memory freed........: 6017198 bytes
~~ total memory allocated....: 6017214 bytes
~~ total memory freed........: 6017214 bytes
~~ total allocations/frees...: 120961/120961
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 464 chars
~~ json string max len.......: 1368 chars
~~ json string avg len.......: 915 chars
~~ json string max len.......: 1372 chars
~~ json string avg len.......: 917 chars


@@ -1,28 +1,28 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1620927997754}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927997754,"flow_last_seen":1620927997754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927997754,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927997754,"flow_last_seen":1620927997754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927997754,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620927997754,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927997754,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl5AbuZmizAAAAAALAC\/\/9OVwAAAgQFtAEDAwUBAQgKNAyUbQAAAAAEAgAA"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620927997781,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927997781,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yXkJiZGFmZoswaAS\/oiCawAAAgQFrAQCCAo8IAcuNAyUbQEDAwc="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620927997781,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927997781,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl5AbuZmizBCYmRhoAQECyfcgAAAQEICjQMlIc8IAcu"}
00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927997754,"flow_last_seen":1620927997782,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620927997782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927997754,"flow_last_seen":1620927997814,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620927997814,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927998782,"flow_last_seen":1620927998782,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927998782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927997754,"flow_last_seen":1620927997782,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"midstream":0,"thread_ts_msec":1620927997782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927997754,"flow_last_seen":1620927997814,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"midstream":0,"thread_ts_msec":1620927997814,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927998782,"flow_last_seen":1620927998782,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927998782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620927998782,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927998782,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl\/AbveSGQcAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKNAyYZQAAAAAEAgAA"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927998806,"flow_last_seen":1620927998806,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927998806,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927998806,"flow_last_seen":1620927998806,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927998806,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1620927998806,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927998806,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmEAbtCftk8AAAAALAC\/\/\/03wAAAgQFtAEDAwUBAQgKNAyYeQAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1620927998817,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927998817,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yX\/JSxfE3khkHaAS\/oi4VgAAAgQFrAQCCAo8IAs5NAyYZQEDAwc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1620927998817,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927998817,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl\/AbveSGQdyUsXxYAQECzVWgAAAQEICjQMmII8IAs5"}
00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998782,"flow_last_seen":1620927998820,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927998820,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927998782,"flow_last_seen":1620927998820,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"midstream":0,"thread_ts_msec":1620927998820,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1620927998833,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927998833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yYRFBnlrQn7ZPaAS\/ogBdQAAAgQFrAQCCAo8IAtKNAyYeQEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1620927998833,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927998833,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCftk9RQZ5bIAQECwefwAAAQEICjQMmJA8IAtK"}
00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998806,"flow_last_seen":1620927998850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998782,"flow_last_seen":1620927998850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998806,"flow_last_seen":1620927998877,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927998877,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999109,"flow_last_seen":1620927999109,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999109,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927998806,"flow_last_seen":1620927998850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"midstream":0,"thread_ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927998782,"flow_last_seen":1620927998850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"midstream":0,"thread_ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927998806,"flow_last_seen":1620927998877,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"midstream":0,"thread_ts_msec":1620927998877,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927999109,"flow_last_seen":1620927999109,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999109,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1620927999109,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927999109,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmPAbugsPXqAAAAALAC\/\/947AAAAgQFtAEDAwUBAQgKNAyZgQAAAAAEAgAA"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999111,"flow_last_seen":1620927999111,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999111,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927999111,"flow_last_seen":1620927999111,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999111,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1620927999111,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927999111,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmQAbsCvXBwAAAAALAC\/\/+cWAAAAgQFtAEDAwUBAQgKNAyZggAAAAAEAgAA"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999112,"flow_last_seen":1620927999112,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999112,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927999112,"flow_last_seen":1620927999112,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999112,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1620927999112,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927999112,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmRAbvLRPiuAAAAALAC\/\/9LkAAAAgQFtAEDAwUBAQgKNAyZgwAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1620927999138,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927999138,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yY9yeaT2oLD166AS\/ogrVAAAAgQFrAQCCAo8IAx5NAyZgQEDAwc="}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1620927999138,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927999138,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZBJLtVRAr1wcaAS\/ohHrwAAAgQFrAQCCAo8IAx6NAyZggEDAwc="}
@@ -30,18 +30,18 @@
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620927999138,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927999138,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmQAbsCvXBxSS7VUoAQECxktgAAAQEICjQMmZw8IAx6"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620927999140,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927999140,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZFyBGfZy0T4r6AS\/og7hgAAAgQFrAQCCAo8IAx9NAyZgwEDAwc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620927999140,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927999140,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmRAbvLRPivcgRn2oAQECxYiwAAAQEICjQMmZ88IAx9"}
00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999111,"flow_last_seen":1620927999141,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999141,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999109,"flow_last_seen":1620927999143,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999143,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999112,"flow_last_seen":1620927999148,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999148,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":156,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999111,"flow_last_seen":1620927999169,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999169,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999109,"flow_last_seen":1620927999170,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999170,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999112,"flow_last_seen":1620927999179,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999179,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1065,"flow_first_seen":1620927997754,"flow_last_seen":1620927999853,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":891202,"flow_avg_l4_payload_len":836,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1031,"flow_first_seen":1620927998782,"flow_last_seen":1620927999948,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":869503,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1387,"flow_first_seen":1620927998806,"flow_last_seen":1620927999915,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1189641,"flow_avg_l4_payload_len":857,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":434,"flow_first_seen":1620927999109,"flow_last_seen":1620927999830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":353696,"flow_avg_l4_payload_len":814,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":646,"flow_first_seen":1620927999111,"flow_last_seen":1620927999879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":545091,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":878,"flow_first_seen":1620927999112,"flow_last_seen":1620927999897,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":744373,"flow_avg_l4_payload_len":847,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927999111,"flow_last_seen":1620927999141,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"midstream":0,"thread_ts_msec":1620927999141,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927999109,"flow_last_seen":1620927999143,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"midstream":0,"thread_ts_msec":1620927999143,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927999112,"flow_last_seen":1620927999148,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"midstream":0,"thread_ts_msec":1620927999148,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":156,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927999111,"flow_last_seen":1620927999169,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"midstream":0,"thread_ts_msec":1620927999169,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927999109,"flow_last_seen":1620927999170,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"midstream":0,"thread_ts_msec":1620927999170,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927999112,"flow_last_seen":1620927999179,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"midstream":0,"thread_ts_msec":1620927999179,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":436,"flow_dst_packets_processed":629,"flow_first_seen":1620927997754,"flow_last_seen":1620927999853,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":891202,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":408,"flow_dst_packets_processed":623,"flow_first_seen":1620927998782,"flow_last_seen":1620927999948,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":869503,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":544,"flow_dst_packets_processed":843,"flow_first_seen":1620927998806,"flow_last_seen":1620927999915,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1189641,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":180,"flow_dst_packets_processed":254,"flow_first_seen":1620927999109,"flow_last_seen":1620927999830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":353696,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":255,"flow_dst_packets_processed":391,"flow_first_seen":1620927999111,"flow_last_seen":1620927999879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":545091,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":350,"flow_dst_packets_processed":528,"flow_first_seen":1620927999112,"flow_last_seen":1620927999897,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":744373,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","packets-captured":5441,"packets-processed":5441,"total-skipped-flows":0,"total-l4-payload-len":4593506,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_msec":1620927999948}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 5441/5441
@@ -51,10 +51,10 @@
~~ total active/idle flows...: 6/6
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6178622 bytes
~~ total memory freed........: 6178622 bytes
~~ total memory allocated....: 6178670 bytes
~~ total memory freed........: 6178670 bytes
~~ total allocations/frees...: 126355/126355
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 463 chars
~~ json string max len.......: 921 chars
~~ json string avg len.......: 691 chars
~~ json string max len.......: 926 chars
~~ json string avg len.......: 693 chars


@@ -1,77 +1,77 @@
00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1493755109242}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7580000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7580000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"midstream":1,"thread_ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1493755109242,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755109242,"pkt":"THK5MeMlACJNe\/gxCABFAACKT3MAAPUGlw4IERYfwKgAFA+gqko3bYCMRQ1qAYAY\/\/+s3wAAAQEICsq+JozkIvOrOD1PATk9MDA3NQEzNT1HAQIgAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAADiEMQENwo99tuUEAAAABAAAMAwxAYm64YJmdywAAAAE="}
00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7580000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7580000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"midstream":1,"thread_ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1493755109243,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109243,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04yxAAEAGeKvAqAAUCBEWH6pKD6BFDWoBN22A4oAQ\/+CtQgAAAQEICuQi8\/bKviaM"}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1493755109243,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1493755109243,"pkt":"THK5MeMlACJNe\/gxCABFAABNT3sAAPUGl0MIERYfwKgAFA+gqko3bYDiRQ1qAYAY\/\/8cMQAAAQEICsq+JozkIvOrOD1PATk9MDAxNAEzNT1QAQA4AAAUjFEGgw=="}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7580000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7580000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"midstream":1,"thread_ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1493755109264,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1493755109264,"pkt":"THK5MeMlACJNe\/gxCABFAABSVaMAAPUGkRYIERYfwKgAFA+gu2Bwv8eLGL2htoAY\/\/8FlAAAAQEICsq+JqLD2CKPOD1PATk9MDAxOQEzNT1QAQBgAAAA1ygEAAAC+SgE"}
00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7580000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7580000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"midstream":1,"thread_ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1493755109265,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109265,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0nQVAAEAGvtLAqAAUCBEWH7tgD6AYvaG2cL\/HqYAQ\/+ACDgAAAQEICsPYIsvKviai"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755109301,"pkt":"THK5MeMlACJNe\/gxCABFAABPilIAADIGAaLQ9WsDwKgAFA+gsgqYEHEay+C1D1AYXjiwMAAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLPdAAEAGESTAqAAU0PVrA7IKD6DL4LUPmBBxQVAQ\/\/9nMgAAAAAAAAAA"}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1493755109301,"pkt":"THK5MeMlACJNe\/gxCABFAAB3JWUAAPUGwS8IERYfwKgAFA+gu1Cc6Eb967pj5oAY\/\/+1oAAAAQEICsq+Jsaxc69UOD1GSVguNC4xATk9MDAwMDQxATM1PTABMzQ9MDA2MTI3ATQzPU4BNTI9MjAxNzA1MDItMTk6NTg6MjkBMTA9MTEzAQ=="}
00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB+LPhAAEAGEM3AqAAU0PVrA7IKD6DL4LUPmBBxQVAY\/\/8uDQAAOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04B5AAEAGe7nAqAAUCBEWH7tQD6DrumPmnOhHQIAQ\/+BBSgAAAQEICrFztPLKvibG"}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1493755109365,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1493755109365,"pkt":"THK5MeMlACJNe\/gxCABFAABXdbIAAPUGcQIIERYfwKgAFA+gu2Bwv8epGL2htoAY\/\/9rRwAAAQEICsq+JwbD2CLLOD1PATk9MDAyNAEzNT1HAQCIAAAA1gw\/8YUeuFHrhQAAAAE="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7580000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7580000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1493755109440,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1493755109440,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzMAADIGwMTQ9WsDwKgAFA+gshDsZRC0r0wvBlAYWghECQAAOD1PATk9MDAyNAEzNT1HAQCIAAAAVgxAWLVwoAAAAAAAAAE="}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7580000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7580000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1493755109440,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755109440,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPkFAAEAG\/9nAqAAU0PVrA7IQD6CvTC8G7GUQ11AQo65yMAAAAAAAAAAA"}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1493755109654,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755109654,"pkt":"THK5MeMlACJNe\/gxCABFAABbr+gAAPUGNsgIERYfwKgAFA+gu1oMn5kifDan54AY\/\/9QgQAAAQEICsq+KCgaP0xfOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1493755109655,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109655,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA07JVAAEAGb0LAqAAUCBEWH7taD6B8NqfnDJ+ZSYAQhgAbHwAAAQEICho\/VIrKvigo"}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1493755109655,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755109655,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK7JZAAEAGbuvAqAAUCBEWH7taD6B8NqfnDJ+ZSYAYhgDh+QAAAQEICho\/VIrKvigoOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1493755109941,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1493755109941,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzQAADIGwMPQ9WsDwKgAFA+gshDsZRDXr0wvBlAYWgiDjAAAOD1PATk9MDAyNAEzNT1HAQCIAAAAWQxAldWZn+Q2dgAAAAE="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7580000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7580000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"midstream":1,"thread_ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1493755110320,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1493755110320,"pkt":"THK5MeMlACJNe\/gxCABFAAB1U\/wAADIGN9LQ9WsDwKgAFA+glvwzTd9PWnk+l1AYb96N\/wAAOD1PATk9MDA2NgEzNT1HAQHYAAAABVkI5OEMFeFiPZCEMAATlYJyAAAABFkI5OEMFVZHfdCEMAATwIJ3AAAABlkI5OEIW+2APQJxEAQ="}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7580000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7580000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"midstream":1,"thread_ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1493755110328,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755110328,"pkt":"THK5MeMlACJNe\/gxCABFAABb5\/wAAPUG\/rMIERYfwKgAFA+gn9aNJ1RO\/ryrG4AY\/\/8NBQAAAQEICsq+KsnWRqh9OD1PATk9MDAyOAEzNT1HAQCoAAAAAVkI5OEMBKkS\/dCEMAAJlIEx"}
00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1493755110328,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755110328,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9ZAAEAG7AHAqAAUCBEWH5\/WD6D+vKsbjSdUdYAQ\/\/\/knQAAAQEICtZGrHjKvirJ"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1493755110362,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755110362,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAouAtAAEAGhg\/AqAAU0PVrA5b8D6BaeT6XM03fnFAQ\/GxkGwAAAAAAAAAA"}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1493755111422,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1493755111422,"pkt":"THK5MeMlACJNe\/gxCABFAABwiaEAAPUGXPoIERYfwKgAFA+gn9aNJ1R1\/ryrG4AY\/\/+zfAAAAQEICsq+Lw\/WRqx4OD1PATk9MDA0OQEzNT1HAQFQAAAADVkI5OEMFgYg3VCIUAATiYF3AAAADFkI5OEMB9wg3RAAEAATiYAA"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1493755111956,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755111956,"pkt":"THK5MeMlACJNe\/gxCABFAABP7\/wAADIGm\/fQ9WsDwKgAFA+glvYLJrChYuT9OVAYYmg1SgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1493755111956,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755111956,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPOZAAEAGATXAqAAU0PVrA5b2D6Bi5P05CyawyFAQ\/Gz0DgAAAAAAAAAA"}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1493755111956,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_msec":1493755111956,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9POdAAEAGAN\/AqAAU0PVrA5b2D6Bi5P05CyawyFAY\/GyQmgAAOD1GSVhDT01QATk9NzABeJwFwTEKgEAMBEDyII\/dJIu5g7SCP7C1sbPx\/4Uz1cd5jRy02UDKQg2LbFAVafJ2cIfgG+dSraCR3s\/9vUY05fYD3SIN0A=="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1493755113353,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755113353,"pkt":"THK5MeMlACJNe\/gxCABFAABP8tQAADIGmR\/Q9WsDwKgAFA+gmLZKUJEYQJIHD1AYWpQ0OgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1493755113353,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1493755113353,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB8GO1AAEAGJNrAqAAU0PVrA5i2D6BAkgcPSlCRP1AY\/\/\/ZrgAAOD1GSVhDT01QATk9NjkBeJwFwTsKgEAQA1ByICWZnbAfmFbwBrY2djbev\/C9Ucd57bkLs8g0motoWZR7Co4KqtOMTXN5rBaQop77eyGWTPzcug3M"}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1493755113404,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1493755113404,"pkt":"THK5MeMlACJNe\/gxCABFAAAo8tUAADIGmUXQ9WsDwKgAFA+gmLZKUJE\/QJIHY1AQWpSMrwAA"}
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1493755114507,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1493755114507,"pkt":"ACJNe\/gxTHK5MeMlCABFAACB4B9AAEAGe2vAqAAUCBEWH7tQD6DrumPmnOhHQIAY\/+BrUwAAAQEICrFzuwzKvibGOD1GSVhDT01QATk9NjIBeJwNx8ENwDAIA0B5oEYGQxMi8Y3UDbr\/JO39bvV53hHDUE3qhrIJxZ+smkhvp00m\/bLaubYEYzOED2YPC2I="}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1493755115297,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_msec":1493755115297,"pkt":"THK5MeMlACJNe\/gxCABFAAB5U\/0AADIGN83Q9WsDwKgAFA+glvwzTd+cWnk+l1AYb976PQAAOD1PATk9MDA3MAEzNT1HAQH4AAAABVkI5OYMFeFg3lAEMAATioF3AAAABFkI5OYMFVZgnhAAEAATiYAAAAAABlkI5OYMW+2AXhAAEAQTiIAA"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1493755116662,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755116662,"pkt":"THK5MeMlACJNe\/gxCABFAABP0h0AAC8GyO7ZwFYgwKgAFA+g0FJoqda4F+2kj1AYRRhFXQAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1493755116662,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_msec":1493755116662,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9Lt9AAEAGGv\/AqAAU2cBWINBSD6AX7aSPaKnW31AYhgAmIwAAOD1GSVhDT01QATk9NzABeJwFwTsKgEAMBFByIJeZJMN+IK2wN7C1sbPx\/oXvjTr31bLRZgEpCxUsskD1SJOXgx2CH5xLY4WM9Hru7zWiKNkP3UcN1g=="}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1493755116788,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1493755116788,"pkt":"THK5MeMlACJNe\/gxCABFAAAo0h4AAC8GyRTZwFYgwKgAFA+g0FJoqdbfF+2k5FAQRRid0QAA"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1493755117668,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755117668,"pkt":"THK5MeMlACJNe\/gxCABFAABb6MoAAPUG\/eUIERYfwKgAFA+gn+AbjTX8bvFE4oAY\/\/8xhAAAAQEICsq+R3VyD9Q7OD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1493755117668,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755117668,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK1yxAAEAGhFXAqAAUCBEWH5\/gD6Bu8UTiG402I4AY\/+CkEwAAAQEICnIP3\/PKvkd1OD1GSVhDT01QATk9NzEBeJwFwbENgDAMBEB5IKJ\/Ow5OpG+R2ICWho6G\/QvuSsd5td5oU0BPixQsusCsLEuXgzsSvnGurBXDSNdzf68R4gj7Ad5tDd0="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1493755117687,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755117687,"pkt":"THK5MeMlACJNe\/gxCABFAAA09L8AAPUG8hcIERYfwKgAFA+gn+AbjTYjbvFFOIAQ\/\/9+KwAAAQEICsq+R4lyD9\/z"}
00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":456,"flow_first_seen":1493755109301,"flow_last_seen":1493755132102,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":14279,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1493755109440,"flow_last_seen":1493755131870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1493755110328,"flow_last_seen":1493755132019,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":920,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1493755117668,"flow_last_seen":1493755127687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755116662,"flow_last_seen":1493755126832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":222,"flow_first_seen":1493755109242,"flow_last_seen":1493755131889,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":9909,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109301,"flow_last_seen":1493755128771,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":40,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109654,"flow_last_seen":1493755129718,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":401,"flow_first_seen":1493755109264,"flow_last_seen":1493755132120,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":8240,"flow_avg_l4_payload_len":20,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755111956,"flow_last_seen":1493755132007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1493755110320,"flow_last_seen":1493755130355,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":647,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755113353,"flow_last_seen":1493755123449,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":228,"flow_dst_packets_processed":228,"flow_first_seen":1493755109301,"flow_last_seen":1493755132102,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":14279,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":35,"flow_first_seen":1493755109440,"flow_last_seen":1493755131870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":1392,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1493755110328,"flow_last_seen":1493755132019,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":920,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1493755117668,"flow_last_seen":1493755127687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":249,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1493755116662,"flow_last_seen":1493755126832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":401,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":111,"flow_dst_packets_processed":111,"flow_first_seen":1493755109242,"flow_last_seen":1493755131889,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":9909,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1493755109301,"flow_last_seen":1493755128771,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":401,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1493755109654,"flow_last_seen":1493755129718,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":375,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":201,"flow_dst_packets_processed":200,"flow_first_seen":1493755109264,"flow_last_seen":1493755132120,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":8240,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1493755111956,"flow_last_seen":1493755132007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":372,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1493755110320,"flow_last_seen":1493755130355,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":647,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1493755113353,"flow_last_seen":1493755123449,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":401,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","packets-captured":1261,"packets-processed":1261,"total-skipped-flows":0,"total-l4-payload-len":37586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":75,"global_ts_msec":1493755132120}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1261/1261
@@ -81,10 +81,10 @@
~~ total active/idle flows...: 12/12
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6075882 bytes
~~ total memory freed........: 6075882 bytes
~~ total memory allocated....: 6075978 bytes
~~ total memory freed........: 6075978 bytes
~~ total allocations/frees...: 122193/122193
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 453 chars
~~ json string max len.......: 676 chars
~~ json string avg len.......: 563 chars
~~ json string max len.......: 684 chars
~~ json string avg len.......: 567 chars


@@ -1,17 +1,17 @@
00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fix2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fix2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614758889587}
00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614758889588,"flow_last_seen":1614758889588,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614758889588,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614758889588,"flow_last_seen":1614758889588,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614758889588,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614758889588,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889588,"pkt":"5kBKB+riApXG95NLCABFAAAweTwAAIAGAAAKZQACCmYAAoiSBAAt1D8pAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614758889589,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614758889589,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAweT0AAIAGAAAKZQACCmYACYiTBAAt1EIqAAAAAHACgAEU+AAAAgQFtAMDAQA="}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"WgXZu6TVApXG95WRCABFAAAweT4AAIAGrLsKZgACCmUAAgQAiJIt1EL8LdQ\/KnASgAGE3gAAAgQFtAMDAQA="}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAoeT4AAIAGAAAKZQACCmYAAoiSBAAt1D8qLdRC\/VAQgAEU6QAAAAAAAAAA"}
00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614758889588,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614758889588,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"WgXZu6TVApXG95WRCABFAAAweT8AAIAGrLMKZgAJCmUAAgQAiJMt1EWWLdRCK3ASgAF\/OwAAAgQFtAMDAQA="}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAoeUAAAIAGAAAKZQACCmYACYiTBAAt1EIrLdRFl1AQgAEU8AAAAAAAAAAA"}
00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614758889589,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1987,"flow_first_seen":1614758889588,"flow_last_seen":1614758889595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":39543,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1614758889595,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1059,"flow_first_seen":1614758889589,"flow_last_seen":1614758889595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":28413,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1614758889595,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614758889589,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":683,"flow_dst_packets_processed":1304,"flow_first_seen":1614758889588,"flow_last_seen":1614758889595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":39543,"midstream":0,"thread_ts_msec":1614758889595,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":411,"flow_dst_packets_processed":648,"flow_first_seen":1614758889589,"flow_last_seen":1614758889595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":28413,"midstream":0,"thread_ts_msec":1614758889595,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","packets-captured":3049,"packets-processed":3046,"total-skipped-flows":0,"total-l4-payload-len":67956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1614758889595}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 3049/3046
@@ -21,10 +21,10 @@
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6096567 bytes
~~ total memory freed........: 6096567 bytes
~~ total memory allocated....: 6096583 bytes
~~ total memory freed........: 6096583 bytes
~~ total allocations/frees...: 123928/123928
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 459 chars
~~ json string max len.......: 672 chars
~~ json string avg len.......: 561 chars
~~ json string max len.......: 680 chars
~~ json string avg len.......: 565 chars
